High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
aomedia -- aomedia | aom_dsp/noise_model.c in libaom in AOMedia before 2021-03-[illegible] has a buffer overflow. | 2021-06-04 | [illegible] | CVE-2021-30475
broadcom -- sannav | Webtools in Brocade SANnav before version 2.1.1 allows unauthenticated users to make requests to arbitrary hosts due to a misconfiguration; this is commonly referred to as Server-Side Request Forgery (SSRF). | 2021-06-09 | [illegible] | CVE-2020-15377, MISC
chiyu-tech -- bf-430_firmware | An authentication bypass in telnet server in BF-430 and BF431 232/422 TCP/IP Converter, BF-450M and SEMAC from CHIYU Technology Inc allows obtaining a privileged connection with the target device by supplying a specially malformed request and an attacker may force the remote telnet server to believe that the user has already authenticated. | [illegible] | [illegible] | CVE-2021-31251, CONFIRM, MISC, MISC
linux -- linux_kernel | The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kernel did not check that the allocated size was smaller than the ringbuf size, allowing an attacker to perform out-of-bounds writes within the kernel and therefore, arbitrary code execution. This issue was fixed via commit 4b81ccebaeee ("bpf, ringbuf: Deny reserve of buffers larger than ringbuf") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. It was introduced via 457f44363a88 ("bpf: Implement BPF ring buffer and verifier support for it") (v5.8-rc1). | 2021-06-04 | [illegible] | CVE-2021-3489, UBUNTU, MISC, MLIST
linux -- linux_kernel | The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in the Linux kernel did not properly update 32-bit bounds, which could be turned into out of bounds reads and writes in the Linux kernel and therefore, arbitrary code execution. This issue was fixed via commit 049c4e13714e ("bpf: Fix alu32 const subreg bound tracking on bitwise operations") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. The AND/OR issues were introduced by commit 3f50f132d840 ("bpf: Verifier, do explicit ALU32 bounds tracking") (5.7-rc1) and the XOR variant was introduced by 2921c90d4718 ("bpf:Fix a verifier failure with xor") (5.10-rc1). | 2021-06-04 | [illegible] | MISC, UBUNTU, MLIST
linux -- linux_kernel | The io_uring subsystem in the Linux kernel allowed the MAX_RW_COUNT limit to be bypassed in the PROVIDE_BUFFERS operation, which led to negative values being used in mem_rw when reading /proc/<PID>/mem. This could be used to create a heap overflow leading to arbitrary code execution in the kernel. It was addressed via commit d1f82808877b ("io_uring: truncate lengths larger than MAX_RW_COUNT on provide buffers") (v5.13-rc1) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. It was introduced in ddf0322db79c ("io_uring: add IORING_OP_PROVIDE_BUFFERS") (v5.7-rc1). | 2021-06-04 | [illegible] | UBUNTU, MISC, MISC, MLIST
microsoft -- intune_management_extension | Microsoft Intune Management Extension Remote Code Execution Vulnerability | 2021-06-08 | [illegible] | CVE-2021-31980, MISC
microsoft -- windows_10 | Server for NFS Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-31976. | [illegible] | [illegible] | CVE-2021-31975
microsoft -- [illegible] | Server for NFS Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-31975. | 2021-06-08 | [illegible] | CVE-2021-31976, MISC
microsoft -- windows_10 | Kerberos AppContainer Security Feature Bypass Vulnerability | 2021-06-08 | [illegible] | [illegible]
qualcomm -- apq8009_firmware | Out of bound read will happen if EAPOL Key length is less than expected while processing NAN shared key descriptor attribute in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | 2021-06-09 | 7.8 | CVE-2020-11241, CONFIRM
Medium Vulnerabilities 
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
accela -- civic_platform | In Accela Civic Platform through 21.1, the security/hostSignon.do parameter servProvCode is vulnerable to XSS. | 2021-06-07 | 4.3 | CVE-2021-33904, MISC, MISC
adiscon -- loganalyzer | Adiscon LogAnalyzer 4.1.10 and 4.1.11 allow login.php XSS. | 2021-06-08 | 4.3 | CVE-2021-31738
bloofox -- bloofoxcms | BloofoxCMS 0.5.2.1 allows Directory traversal vulnerability by inserting '../' payloads within the 'fileurl' parameter. | 2021-06-04 | 4 | CVE-2020-36142, MISC
bloofox -- bloofoxcms | BloofoxCMS 0.5.2.1 allows Unrestricted File Upload vulnerability via bypass MIME Type validation by inserting 'image/jpeg' within the 'Content-Type' header. | 2021-06-04 | 6.5 | CVE-2020-36141, MISC
bloofox -- bloofoxcms | BloofoxCMS 0.5.2.1 allows Cross-Site Request Forgery (CSRF) via 'mode=settings&page=editor', as demonstrated by use of 'mode=settings&page=editor' to change any file content (Locally/Remotely). | [illegible] | 4.3 | CVE-2020-36140, MISC
broadcom -- sannav | Brocade SANnav before version 2.1.1 contains an information disclosure vulnerability. Successful exploitation of internal server information in the initial login response header. | 2021-06-09 | 5 | CVE-2020-15384, MISC
broadcom -- sannav | Brocade SANnav before version 2.1.1 logs account credentials at the 'trace' logging level. | 2021-06-09 | 5 | CVE-2020-15380, MISC
broadcom -- sannav | The OVA version of Brocade SANnav before version 2.1.1 installation with IPv6 networking exposes the docker container ports to the network, increasing the potential attack surface. | 2021-06-09 | [illegible] | CVE-2020-15378, MISC
broadcom -- sannav | Brocade SANnav before version 2.1.1 allows an authenticated attacker to list directories, and list files without permission. As a result, users without permission can see folders, and hidden files, and can create directories without permission. | [illegible] | [illegible] | CVE-2020-15385, MISC
chiyu-tech -- bf-430_firmware | An open redirect vulnerability exists in BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass, and SEMAC devices from CHIYU Technology that can be exploited by sending a link that has a specially crafted URL to convince the user to click on it. | 2021-06-04 | 5.8 | [illegible], MISC, MISC
chiyu-tech -- bf-430_firmware | A CRLF injection vulnerability was found on BF-430, BF-431, and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of validation on the parameter redirect= available on multiple CGI components. | [illegible] | 4 | CVE-2021-31249, MISC, MISC, MISC
cisco -- webex_meetings_desktop | A vulnerability in Cisco Webex Meetings Desktop App for Windows, Cisco Webex Meetings Server, Cisco Webex Network Recording Player for Windows, and Cisco Webex Teams for Windows could allow an authenticated, local attacker to perform a DLL injection attack on an affected device. To exploit this vulnerability, the attacker must have valid credentials on the Windows system. This vulnerability is due to incorrect handling of directory paths at run time. An attacker could exploit this vulnerability by inserting a configuration file in a specific path in the system, which can cause a malicious DLL file to be loaded when the application starts. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of another user account. | 2021-06-04 | 6.9 | CVE-2021-1536, CISCO
ckeditor -- ckeditor | A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --!> is mishandled. | [illegible] | 4.3 | CVE-2021-33829, MISC
cloverdx -- cloverdx | A cross-site scripting (XSS) vulnerability in CloverDX Server 5.9.0, CloverDX 5.8.1, CloverDX 5.7.0, and earlier allows remote attackers to inject arbitrary web script or HTML via the sessionToken parameter of multiple methods in Simple HTTP API. This is resolved in 5.9.1 and 5.10. | 2021-06-09 | 4.3 | CVE-2021-30133, CONFIRM, MISC
dino -- dino | Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traversal (only for creation of new files) via URI-encoded path separators. | 2021-06-07 | [illegible] | [illegible], MISC, MLIST
dlink -- dir-868l_firmware | The D-Link router DIR-868L 3.01 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data. | [illegible] | 5 | CVE-2020-29321, MISC
dlink -- dir-880l_firmware | The D-Link router DIR-880L 1.07 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data. | [illegible] | [illegible] | CVE-2020-29322, MISC
dlink -- dir-885l_mfc_firmware | The D-link router DIR-885L-MFC 1.15b02, v1.21b05 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data. | [illegible] | 5 | CVE-2020-29323, MISC
dlink -- dir-895l_mfc_firmware | The DLink Router DIR-895L MFC v1.21b05 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data. | 2021-06-04 | 5 | CVE-2020-29324, MISC
entrouvert -- lasso | Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature. | [illegible] | [illegible] | CVE-2021-28091, MISC, MISC, MISC, DEBIAN, MLIST, FEDORA, FEDORA
esri -- arcgis_server | A SQL injection vulnerability exists in some configurations of ArcGIS Server versions 10.8.1 and earlier. Specially crafted web requests can expose information that is not intended to be disclosed (not customer datasets). Web Services that use file based data sources (file Geodatabase or Shape Files or tile cached services) are unaffected by this issue. | [illegible] | [illegible] | CVE-2021-29099, CONFIRM
gitlab -- gitlab | An issue has been discovered in GitLab affecting all versions starting with 13.10. GitLab was vulnerable to a stored XSS in blob viewer of notebooks. | 2021-06-08 | 4.3 | [illegible], MISC, MISC
google -- chrome | Type confusion in V8 in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2021-06-04 | 6.8 | CVE-2021-30517, MISC, MISC
google -- chrome | Insufficient policy enforcement in PopupBlocker in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted iframe. | 2021-06-07 | 4.3 | CVE-2021-30533, MISC, MISC
google -- chrome | Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. | 2021-06-07 | 4.3 | CVE-2021-30532, MISC, MISC
google -- chrome | Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. | 2021-06-07 | 4.3 | CVE-2021-30531, MISC, MISC
google -- chrome | Use after free in Autofill in Google Chrome prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | 2021-06-04 | 6.8 | [illegible], MISC
google -- chrome | Type confusion in V8 in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2021-06-04 | 6.8 | CVE-2021-30513, MISC, MISC
google -- chrome | Out of bounds read in Tab Groups in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted HTML page. | 2021-06-04 | 5.8 | CVE-2021-30511, MISC, MISC
google -- chrome | Use after free in Notifications in Google Chrome prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | 2021-06-04 | 6.8 | [illegible], MISC, MISC
google -- chrome | Insufficient policy enforcement in cookies in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass cookie policy via a crafted HTML page. | 2021-06-07 | 4.3 | CVE-2021-30537, MISC, MISC
google -- chrome | Out of bounds read in V8 in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. | 2021-06-07 | 5.8 | CVE-2021-30536, MISC, MISC
google -- chrome | Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. | 2021-06-07 | 5.8 | CVE-2021-30539, MISC, MISC
google -- chrome | Use after free in Aura in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2021-06-04 | 6.8 | CVE-2021-30510, MISC, MISC
google -- chrome | Out of bounds write in Tab Strip in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page and a crafted Chrome extension. | 2021-06-04 | 6.8 | [illegible], MISC, MISC
google -- chrome | Heap buffer overflow in Media Feeds in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to enable certain features in Chrome to potentially exploit heap corruption via a crafted HTML page. | 2021-06-04 | 6.8 | CVE-2021-30508, MISC, MISC
google -- chrome | Inappropriate implementation in Offline in Google Chrome on Android prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. | 2021-06-04 | 6.8 | [illegible], MISC, MISC
google -- chrome | Incorrect security UI in Web App Installs in Google Chrome on Android prior to 90.0.4430.212 allowed an attacker who convinced a user to install a web application to inject scripts or HTML into a privileged page via a crafted HTML page. | 2021-06-04 | 6.8 | [illegible], MISC, MISC
google -- chrome | Insufficient policy enforcement in iFrameSandbox in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | 2021-06-07 | 4.3 | CVE-2021-30534, MISC, MISC
google -- chrome | Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. | 2021-06-07 | 4.3 | CVE-2021-30538, MISC, MISC
google -- chrome | Heap buffer overflow in Reader Mode in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2021-06-04 | 6.8 | CVE-2021-30518, MISC, MISC
google -- chrome | Use after free in WebUI in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. | 2021-06-07 | 6.8 | [illegible], MISC, MISC
google -- chrome | Use after free in Payments in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious payments app to potentially exploit heap corruption via a crafted HTML page. | 2021-06-04 | 6.8 | CVE-2021-30519, MISC, MISC
google -- chrome | Use after free in Tab Strip in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. | 2021-06-04 | 6.8 | [illegible], MISC, MISC
google -- chrome | Heap buffer overflow in Autofill in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. | 2021-06-07 | 6.8 | CVE-2021-30521, MISC, MISC
google -- chrome | Use after free in WebAudio in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2021-06-07 | 6.8 | [illegible], MISC, MISC
google -- chrome | Use after free in WebRTC in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet. | 2021-06-07 | 6.8 | CVE-2021-30523, MISC, MISC
google -- chrome | Use after free in TabStrip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. | 2021-06-07 | 6.8 | [illegible], MISC
google -- chrome | Use after free in TabGroups in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. | 2021-06-07 | 6.8 | [illegible], MISC
google -- chrome | Out of bounds write in TabStrip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page. | 2021-06-07 | 6.8 | [illegible], MISC
google -- chrome | Use after free in WebAuthentication in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker who had compromised the renderer process of a user who had saved a credit card in their Google account to potentially exploit heap corruption via a crafted HTML page. | 2021-06-07 | 6.8 | CVE-2021-30528, MISC, MISC
google -- chrome | Use after free in File API in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2021-06-04 | 6.8 | CVE-2021-30515, MISC, MISC
google -- chrome | Use after free in Bookmarks in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. | 2021-06-07 | 6.8 | [illegible], MISC
google -- chrome | Double free in ICU in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2021-06-07 | 6.8 | CVE-2021-30535, MISC, MISC
google -- chrome | Use after free in Tab Strip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. | 2021-06-07 | 6.8 | [illegible], MISC
google -- chrome | Use after free in Tab Strip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. | 2021-06-07 | 6.8 | [illegible], MISC
google -- chrome | Incorrect security UI in payments in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | 2021-06-07 | 4.3 | CVE-2021-30540, MISC, MISC
google -- chrome | Heap buffer overflow in History in Google Chrome prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | 2021-06-04 | 6.8 | [illegible], MISC
google -- chrome | Out of bounds memory access in WebAudio in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. | 2021-06-07 | 6.8 | CVE-2021-30530, MISC, MISC
ibm -- datapower_gateway | IBM DataPower Gateway 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.14 stores sensitive information in GET request parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 193033. | 2021-06-07 | 5 | CVE-2020-5008, CONFIRM, XF
ibm -- websphere_application_server | IBM WebSphere Application Server Network Deployment 8.5 and 9.0 could allow a remote authenticated attacker to traverse directories. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to read and delete arbitrary files on the system. IBM X-Force ID: 198435. | 2021-06-07 | 6.5 | CVE-2021-20517, CONFIRM, XF
inverse -- sogo | SOGo 2.x before 2.4.1 and 3.x through 5.x before 5.1.1 does not validate the signatures of any SAML assertions it receives. Any actor with network access to the deployment could impersonate users when SAML is the authentication method. (Only versions after 2.0.5a are affected.) | 2021-06-04 | [illegible] | [illegible], MISC, MISC
[illegible] | The JNews WordPress theme before 8.0.6 did not sanitise the cat_id parameter in the POST request /?ajax-request=jnews (with action=jnews_build_mega_category_*), leading to a Reflected Cross-Site Scripting (XSS) issue. | [illegible] | 4.3 | CVE-2021-24342, CONFIRM
luca-app -- luca | Luca through 1.7.4 on Android allows remote attackers to obtain sensitive information about COVID-19 tracking because requests related to Check-In State occur shortly after requests for Phone Number Registration. | 2021-06-04 | 5 | [illegible], MISC, MISC, MISC
luca-app -- luca | The server in Luca through 1.1.14 allows remote attackers to cause a denial of service (insertion of many fake records related to COVID-19) because Phone Number data lacks a digital signature. | 2021-06-04 | 5 | [illegible], MISC
luca-app -- luca | Luca through 1.7.4 on Android allows remote attackers to obtain sensitive information about COVID-19 tracking because the QR code of a Public Location can be intentionally confused with the QR code of a Private Meeting. | 2021-06-04 | 5 | [illegible], MISC, MISC, MISC
microsoft -- 365_apps | Microsoft Office Graphics Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31940. | 2021-06-08 | 6.8 | CVE-2021-31941
microsoft -- 365_apps | Microsoft Office Graphics Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31941. | 2021-06-08 | [illegible] | CVE-2021-31940, MISC
microsoft -- 3d_viewer | 3D Viewer Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31942. | [illegible] | [illegible] | CVE-2021-31943
microsoft -- 3d_viewer | 3D Viewer Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31943. | [illegible] | [illegible] | CVE-2021-31942
microsoft -- 3d_viewer | 3D Viewer Information Disclosure Vulnerability | 2021-06-08 | 4.3 | [illegible]
microsoft -- edge | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | 2021-06-08 | 5.4 | CVE-2021-33741, MISC
microsoft -- kubernetes_tools | Microsoft VsCode Kubernetes Tools Extension Elevation of Privilege Vulnerability | 2021-06-08 | 6.8 | CVE-2021-31938
microsoft -- malware_protection_engine | Microsoft Defender Remote Code Execution Vulnerability | 2021-06-08 | 6.8 | CVE-2021-31985, MISC
microsoft -- paint_3d | Paint 3D Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31945, CVE-2021-31983. | [illegible] | [illegible] | CVE-2021-31946
microsoft -- paint_3d | Paint 3D Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31946, CVE-2021-31983. | 2021-06-08 | [illegible] | CVE-2021-31945
microsoft -- sharepoint_enterprise_server | Microsoft SharePoint Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31963, CVE-2021-31966. | 2021-06-08 | 6.5 | CVE-2021-26420, MISC
microsoft -- vp9_video_extensions | VP9 Video Extensions Remote Code Execution Vulnerability | 2021-06-08 | 6.8 | [illegible]
microsoft -- windows_10 | Windows Remote Desktop Services Denial of Service Vulnerability | 2021-06-08 | 5 | CVE-2021-31968, MISC
microsoft -- windows_10 | Server for NFS Denial of Service Vulnerability | 2021-06-08 | 5 | [illegible]
microsoft -- windows_10 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | 2021-06-08 | 4.6 | CVE-2021-31969, MISC
microsoft -- windows_10 | Windows GPSVC Elevation of Privilege Vulnerability | 2021-06-08 | 4.6 | CVE-2021-31973
microsoft -- windows_10 | Windows HTML Platform Security Feature Bypass Vulnerability | 2021-06-08 | 6.8 | CVE-2021-31971
microsoft -- windows_server_2008 | Windows DCOM Server Security Feature Bypass | 2021-06-08 | 4.3 | CVE-2021-26414
microsoft -- windows_server_2008 | Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-31199. | 2021-06-08 | 4.8 | CVE-2021-31201, MISC
microsoft -- windows_server_2008 | Windows Print Spooler Elevation of Privilege Vulnerability | 2021-06-08 | 6.8 | [illegible]
openexr -- openexr | An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. | 2021-06-08 | 4.3 | [illegible], MISC
openexr -- openexr | An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. This is a different flaw from CVE-2021-23215. | 2021-06-08 | 4.3 | [illegible], FEDORA, MISC
openexr -- openexr | An integer overflow leading to a heap-buffer overflow was found in OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. | 2021-06-08 | 4.3 | CVE-2021-26945, MISC
openexr -- openexr | A heap-buffer overflow was found in the copyIntoFrameBuffer function of OpenEXR in versions before 3.0.1. An attacker could use this flaw to execute arbitrary code with the permissions of the user running the application compiled against OpenEXR. | 2021-06-08 | 6.8 | CVE-2021-23169, FEDORA, MISC, FEDORA
openvpn -- openvpn_access_server | OpenVPN Access Server 2.7.3 to 2.8.7 allows remote attackers to trigger an assert during the user authentication phase via incorrect authentication token data in an early phase of the user authentication resulting in a denial of service. | 2021-06-04 | 5 | [illegible], MISC, MISC
pagelayer -- pagelayer | PageLayer before 1.3.5 allows reflected XSS via the font-size parameter. | 2021-06-07 | 4.3 | CVE-2020-36383, MISC
pagelayer -- pagelayer | PageLayer before 1.3.5 allows reflected XSS via color settings. | 2021-06-07 | 4.3 | [illegible]
qualcomm -- apq8009_firmware | Time-of-check time-of-use race condition While processing partition entries due to newly created buffer was read again from mmc without validation in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | [illegible] | 6.9 | CVE-2020-11233, CONFIRM
qualcomm -- [illegible] | Use after free due to race condition when reopening the device driver repeatedly in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | [illegible] | 6.9 | CVE-2020-11250, CONFIRM
qualcomm -- apq8096au_firmware | Resource leakage issue during dci client registration due to reference count is not decremented if dci client registration fails in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2021-06-09 | 4.6 | CVE-2020-11160, CONFIRM
refined-github_project -- refined-github | The Refined GitHub browser extension before 21.6.8 might allow XSS via a link in a document. NOTE: github.com sends Content-Security-Policy headers to, in general, address XSS and other concerns. | 2021-06-09 | 4.3 | CVE-2021-34364, MISC, MISC
sap -- 3d_visual_enterprise_viewer | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 2021-06-09 | 4.3 | CVE-2021-33661, MISC, MISC
sap -- 3d_visual_enterprise_viewer | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated FLI file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 2021-06-09 | 4.3 | CVE-2021-33660, MISC, MISC
sap -- 3d_visual_enterprise_viewer | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated GIF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 2021-06-09 | 4.3 | CVE-2021-33659, MISC, MISC
sap -- 3d_visual_enterprise_viewer | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated TIF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 2021-06-09 | 4.3 | CVE-2021-27641, MISC, MISC
sap -- 3d_visual_enterprise_viewer | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated JT file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 2021-06-09 | 4.3 | CVE-2021-27638, MISC, MISC
sap -- 3d_visual_enterprise_viewer | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated JT file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 2021-06-09 | 4.3 | CVE-2021-27639, MISC, MISC
sap -- 3d_visual_enterprise_viewer | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PSD file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 2021-06-09 | 4.3 | MISC, MISC
sap -- 3d_visual_enterprise_viewer | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 2021-06-09 | 4.3 | CVE-2021-27642, MISC, MISC
sap -- 3d_visual_enterprise_viewer | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated IFF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 2021-06-09 | 4.3 | CVE-2021-27643 MISC MISC
simple-log_project -- simple-log | Cross Site Request Forgery (CSRF) in Simple-Log v1.6 allows remote attackers to gain privilege and execute arbitrary code via the component "Simple-Log/admin/admin.php?act=act_add_member". |  | 6.8 | CVE-2020-18265 MISC
simple-log_project -- simple-log | Cross Site Request Forgery (CSRF) in Simple-Log v1.6 allows remote attackers to gain privilege and execute arbitrary code via the component "Simple-Log/admin/admin.php?act=act_edit_member". |  | 6.8 | CVE-2020-18264 MISC
tracefinanacial -- crestbridge | Trace Financial CRESTBridge <6.3.0.02 contains an authenticated SQL injection vulnerability, which was fixed in 6.3.0.03. | 2021-06-10 | 6.5 | CVE-2020-24667 MISC MISC
tracefinanacial -- crestbridge | Trace Financial CRESTBridge <6.3.0.02 contains an authenticated SQL injection vulnerability, which was fixed in 6.3.0.03. | 2021-06-10 | 6.5 | CVE-2020-24671 MISC MISC
wireshark -- wireshark | Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5 allows denial of service via packet injection or crafted capture file |  | 5 | CONFIRM MISC MISC
Low Vulnerabilities 
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
bloofox -- bloofoxcms | BloofoxCMS 0.5.2.1 allows Reflected Cross-Site Scripting (XSS) vulnerability by inserting a XSS payload within the 'fileurl' parameter. | 2021-06-04 | 3.5 | CVE-2020-36139 MISC
Multiple storage XSS vulnerabilities were discovered on BF-430, CVE-2021-31250 
F ' BF-431 and BF-450M TCP/IP Converter devices from CHIYU MISC 
chiyurtech <'bF-490. Amware Technology Inc due to a lack of sanitization of the input on the ene |-0e-e 38 MISC 
components man.cgi, if.cgi, dhcpc.cgi, ppp.cgi. MISC 
iflychat -- iflychat | The iFlyChat - WordPress Chat plugin through 4.6.4 does not sanitise its APP ID setting before outputting it back in the page, leading to an authenticated Stored Cross-Site Scripting issue | 2021-06-07 | 3.5 | CVE-2021-24343 CONFIRM
microsoft -- : ‘ Microsoft Defender Denial of Service Vulnerability 2021-06-08 24 Lead ete 
malware_protection_engine MISC 
microsoft -- windows_10 Windows Kernel Information Disclosure Vulnerability 2021-06-08 2.1 is =31955 
microsoft -- windows_10 Windows Bind Filter Driver Information Disclosure Vulnerability 2021-06-08 21 ami =31960 
microsoft -- windows_10 Windows TCP/IP Driver Security Feature Bypass Vulnerability 2021-06-08 Z1 [a =31970 
microsoft -- windows_10 Event Tracing for Windows Information Disclosure Vulnerability 2021-06-08 2.1) oe =a1972 
openvpn -- openvpn_access_server | OpenVPN Access Server 2.8.7 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks. | 2021-06-04 | 3.5 | MISC
tracefinanacial -- crestbridge | Trace Financial CRESTBridge <6.3.0.02 contains a stored XSS vulnerability, which was fixed in 6.3.0.03. | 2021-06-10 | 3.5 | CVE-2020-24663 MISC MISC
tracefinancial -- crestbridge | Trace Financial Crest Bridge <6.3.0.02 contains a stored XSS vulnerability, which was fixed in 6.3.0.03. | 2021-06-10 | 3.5 | CVE-2020-24668 MISC MISC
Severity Not Yet Assigned 
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
edk2 -- edk2 | A heap overflow in LzmaUefiDecompressGetInfo function in EDK II. | 2021-06-11 | not yet calculated | CVE-2021-28211 MISC
2sic -- 2sxc | An issue was discovered in 2sic 2sxc before 11.22. A XSS vulnerability in the sxcver parameter of dnn/ui.html allows an attacker to craft a malicious URL that executes a JavaScript payload in a victim's browser. | 2021-06-07 | not yet calculated | MISC CONFIRM MISC
Ne Windows Kernel-Mode Driver Elevation of Privilege Vulnerability || 2021-06-08 hot yet |e eerie ieoZ 
calculated MISC 
accela -- civic_platform | Accela Civic Platform through 20.1 allows ssoAdapter/logoutAction.do successURL XSS. | 2021-06-09 | not yet calculated | CVE-2021-34370 MISC
accela -- civic_platform | portlets/contact/ref/refContactDetail.do in Accela Civic Platform through 20.1 allows remote attackers to obtain sensitive information via a modified contactSeqNumber value. | 2021-06-09 | not yet calculated | MISC
accenture -- annex_cloud_loyalty_experience_platform | An Insecure Direct Object Reference (IDOR) vulnerability in Annex Cloud Loyalty Experience Platform <2021.1.0.1 allows any authenticated attacker to modify any existing user, including users assigned to different environments and clients. It was fixed in v2021.1.0.2. | 2021-06-10 | not yet calculated | CVE-2021-31927 MISC MISC
accenture -- annex_cloud_loyalty_experience_platform | Annex Cloud Loyalty Experience Platform <2021.1.0.1 allows any authenticated attacker to escalate privileges to superadministrator. It was fixed in v2021.1.0.2. | 2021-06-10 | not yet calculated | CVE-2021-31928 MISC MISC
accenture -- annex_cloud_loyalty_experience_platform | Annex Cloud Loyalty Experience Platform <2021.1.0.1 allows any authenticated attacker to modify loyalty campaigns and settings, such as fraud prevention, coupon groups, email templates, or referrals. | 2021-06-10 | not yet calculated | MISC MISC
accusoft -- imagegear | An improper array index validation vulnerability exists in the TIF IP_planar_raster_unpack functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability. | 2021-06-11 | not yet calculated | CVE-2021-21639 MISC
accusoft -- imagegear | A heap-based buffer overflow vulnerability exists in the PSD read_icc_icCurve_data functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to an integer overflow that, in turn, leads to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. | 2021-06-11 | not yet calculated |
accusoft -- imagegear | A memory corruption vulnerability exists in the PNG png_palette_process functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to a heap buffer overflow. An attacker can provide malicious inputs to trigger this vulnerability. | 2021-06-11 | not yet calculated | MISC
accusoft -- imagegear | An out-of-bounds write vulnerability exists in the JPG Handle_JPEG420 functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. | 2021-06-11 | not yet calculated | MISC
advantech -- iview | The affected product is vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information on the iView (versions prior to v5.7.03.6182). | 2021-06-11 | not yet calculated |
advantech -- iview | The affected product's configuration is vulnerable due to missing authentication, which may allow an attacker to change configurations and execute arbitrary code on the iView (versions prior to v5.7.03.6182). | 2021-06-11 | not yet calculated | CVE-2021-32930 MISC
advantech -- webaccess | Advantech WebAccess 8.4.2 and 8.4.4 allows XSS via the username column of the bwRoot.asp page of WADashboard. | 2021-06-11 | not yet calculated | MISC MISC
amd -- cpu_products | Potential speculative code store bypass in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution of overwritten instructions, may cause an incorrect speculation and could result in data leakage. | 2021-06-09 | not yet calculated | CVE-2021-26313 CONFIRM MLIST MLIST MLIST
amd -- cpu_products | Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data from FPVI and may result in data leakage. | 2021-06-09 | not yet calculated | CVE-2021-26314 MISC MLIST MLIST
ansible -- ansible | A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a world writable directory. When this occurs, there is a race condition on the managed machine. A malicious, non-privileged account on the remote machine can exploit the race condition to access the async result data. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2. | 2021-06-09 | not yet calculated | CVE-2021-3535 MISC
ansible -- ansible | A flaw was found in Ansible where the secret information present in async_files are getting disclosed when the user changes the jobdir to a world readable directory. Any secret information in an async status file will be readable by a malicious user on that system. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2. | 2021-06-09 | not yet calculated | CVE-2021-3532 MISC
apache -- apisix_dashboard | In Apache APISIX Dashboard version 2.6, we changed the default value of listen host to 0.0.0.0 in order to facilitate users to configure external network access. In the IP allowed list restriction, a risky function was used for the IP acquisition, which made it possible to bypass the network limit. At the same time, the default account and password are fixed. Ultimately these factors lead to the issue of security risks. This issue is fixed in APISIX Dashboard 2.6.1 | 2021-06-08 | not yet calculated | CVE-2021-33190 CONFIRM MLIST MLIST
apache -- http_server | Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service | 2021-06-10 | not yet calculated | CVE-2021-26690 CONFIRM CONFIRM
apache -- http_server | In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow | 2021-06-10 | not yet calculated | CVE-2021-26691 MLIST MLIST MLIST
apache -- http_server | Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow | 2021-06-10 | not yet calculated | CONFIRM MLIST MLIST MLIST
apache -- http_server | Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows | 2021-06-10 | not yet calculated | CVE-2020-13938 CONFIRM CONFIRM MLIST MLIST MLIST
apache -- http_server | Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service | 2021-06-10 | not yet calculated | CVE-2020-13950 CONFIRM CONFIRM MLIST MLIST MLIST
apache -- http_server | Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authentication or authorization possibly configured. | 2021-06-10 | not yet calculated | CVE-2019-17567 CONFIRM CONFIRM MLIST MLIST MLIST
apache -- http_server_versions | Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF' | 2021-06-10 | not yet calculated | CVE-2021-30641 CONFIRM CONFIRM MLIST MLIST MLIST
apache -- pdfbox | In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions. | 2021-06-12 | not yet calculated | CVE-2021-31811 MISC MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST
apache -- pdfbox | In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions. | 2021-06-12 | not yet calculated | CVE-2021-31812 MISC MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST
atlassian -- jira_server_and_data_center | The number range searcher component in Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before version 8.13.6, and from version 8.14.0 before version 8.16.1 allows remote attackers inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. | 2021-06-07 | not yet calculated |
atlassian -- jira_server_and_data_center | The CardLayoutConfigTable component in Jira Server and Jira Data Center before version 8.5.15, and from version 8.6.0 before version 8.13.7, and from version 8.14.0 before 8.17.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. | 2021-06-07 | not yet calculated | CVE-2021-26079 MISC
atlassian -- jira_server_and_data_center | EditworkflowScheme.jspa in Jira Server and Jira Data Center before version 8.5.14, and from version 8.6.0 before version 8.13.6, and from 8.14.0 before 8.16.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. | 2021-06-07 | not yet calculated |
atom -- atom | The ATOM (ATOM - Smart life App for Android versions prior to 1.8.1 and ATOM - Smart life App for iOS versions prior to 1.8.2) does not verify server certificate properly, which allows man-in-the-middle attackers to eavesdrop on encrypted communication via a crafted certificate. | 2021-06-09 | not yet calculated | CVE-2021-20732 MISC MISC
auth0 -- lock | auth0-lock is Auth0's signin solution. Versions of `auth0-lock` before and including `11.30.0` are vulnerable to reflected XSS. An attacker can execute arbitrary code when the library's `flashMessage` feature is utilized and user input or data from URL parameters is incorporated into the `flashMessage` or the library's `languageDictionary` feature is utilized and user input or data from URL parameters is incorporated into the `languageDictionary`. The vulnerability is patched in version 11.30.1. | 2021-06-04 | not yet calculated | CVE-2021-32641 MISC MISC CONFIRM
aveva -- intouch_runtime_2020_r2 | The vulnerability could expose cleartext credentials from AVEVA InTouch Runtime 2020 R2 and all prior versions (WindowViewer) if an authorized, privileged user creates a diagnostic memory dump of the process and saves it to a non-protected location. | 2021-06-09 | not yet calculated | CVE-2021-32942 MISC MISC
battle.net -- battle.net | Battle.net.exe in Battle.Net 1.27.1.12428 suffers from an elevation of privileges vulnerability which can be used by an "Authenticated User" to modify the existing executable file with a binary of his choice. The vulnerability exist due to weak set of permissions being granted to the "Authenticated Users Group" which grants the (F) Flag aka "Full Control" | 2021-06-09 | not yet calculated | CVE-2020-27383 MISC
f5 -- big-iq | On version 8.0.x before 8.0.0.1, and all 6.x and 7.x versions, the BIG-IQ Configuration utility has an authenticated remote command execution vulnerability in undisclosed pages. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2021-06-10 | not yet calculated |
f5 -- big-ip_edge_client | On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, the BIG-IP Edge Client Windows Installer Service's temporary folder has weak file and folder permissions. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2021-06-10 | not yet calculated |
f5 -- big-ip_edge_client | On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, a DLL hijacking issue exists in cachecleaner.dll included in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2021-06-10 | not yet calculated |
bluez -- bluez | Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access. | 2021-06-09 | not yet calculated | MISC
bluez -- bluez | The cli_feat_read_cb() function in src/gatt-database.c does not perform bounds checks on the 'offset' variable before using it as an index into an array for reading. | 2021-06-10 | not yet calculated |
bosch -- ip_cameras | An authenticated attacker with administrator rights Bosch IP cameras can call an URL with an invalid parameter that causes the camera to become unresponsive for a few seconds and cause a Denial of Service (DoS). | 2021-06-09 | not yet calculated | CVE-2021-23852 CONFIRM
bosch -- ip_cameras | An error in the handling of a page parameter in Bosch IP cameras may lead to a reflected cross site scripting (XSS) in the web-based interface. This issue only affects versions 7.7x and 7.6x. All other versions are not affected. |  | not yet calculated | CVE-2021-23854 CONFIRM
bosch -- ip_cameras | In Bosch IP cameras, improper validation of the HTTP header allows an attacker to inject arbitrary HTTP headers through crafted URLs. | 2021-06-09 | not yet calculated |
bosch -- ip_cameras | An error in the URL handler Bosch IP cameras may lead to a reflected cross site scripting (XSS) in the web-based interface. An attacker with knowledge of the camera address can send a crafted link to a user, which will execute javascript code in the context of the user. | 2021-06-09 | not yet calculated |
bosch -- ip_cameras | A Missing Authentication in Critical Function in Bosch IP cameras allows an unauthenticated remote attacker to extract sensitive information or change settings of the camera by sending crafted requests to the device. Only devices of the CPP6, CPP7 and CPP7.3 family with firmware 7.70, 7.72, and 7.80 prior to B128 are affected by this vulnerability. Versions 7.62 or lower and INTEOX cameras are not affected. | 2021-06-09 | not yet calculated |
brocade -- fabric_os | The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.1.1 utilize keys of less than 2048 bits, which may be vulnerable to man-in-the-middle attacks and/or insecure SSH communications. | 2021-06-09 | not yet calculated |
brocade -- fabric_os | Brocade Fabric OS prior to v9.0.1a and 8.2.3a and after v9.0.0 and 8.2.2d may observe high CPU load during security scanning, which could lead to a slower response to CLI commands and other operations. | 2021-06-09 | not yet calculated | CVE-2020-15386 MISC
brocade -- fabric_os | Running security scans against the SAN switch can cause config and secnotify processes within the firmware before Brocade Fabric OS v9.0.0, v8.2.2d and v8.2.1e to consume all memory leading to denial of service impacts possibly including a switch panic. | 2021-06-09 | not yet calculated |
brocade -- sannav | Brocade SANnav before version 2.1.1 contains an Improper Authentication vulnerability that allows cleartext transmission of authentication credentials of the jmx server. | 2021-06-09 | not yet calculated |
brocade -- sannav | Brocade SANnav before version 2.1.1 uses a hard-coded administrator account with the weak password 'passwOrd' if a password is not provided for PostgreSQL at install-time. | 2021-06-09 | not yet calculated |
brocade -- sannav | Brocade SANnav before v.2.1.0a could allow remote attackers cause a denial-of-service condition due to a lack of proper validation, of the length of user-supplied data as name for custom field name. | 2021-06-09 | not yet calculated | CVE-2020-15379 MISC
buffalo -- wsr-1166dhp3 | WSR-1166DHP3 firmware Ver.1.16 and prior and WSR-1166DHP4 firmware Ver.1.02 and prior allow an attacker to execute arbitrary OS commands with root privileges via unspecified vectors. | 2021-06-09 | not yet calculated | CVE-2021-20731 MISC MISC
buffalo -- wsr-1166dhp3 | Improper access control vulnerability in WSR-1166DHP3 firmware Ver.1.16 and prior and WSR-1166DHP4 firmware Ver.1.02 and prior allows an attacker to obtain configuration information via unspecified vectors. | 2021-06-09 | not yet calculated | CVE-2021-20730 MISC MISC
calipso -- calipso | This affects all versions of package calipso. It is possible for a malicious module to overwrite files on an arbitrary file system through the module install functionality. | 2021-06-07 | not yet calculated | CVE-2021-23391 MISC MISC
Sétbarise—— Hie. denver enterorise The Web Client in Cerberus FTP Server Enterprise before Fatvet CVE-2019-25046 
p_Servsrensle 10.0.19 and 11.x before 11.0.4 allows XSS via an SVG 2021-06-10 yer «MISC 
calculated 
document. MISC 
circutor_sge-plc1000 -- circutor_sge-plc1000 | Improper Authentication vulnerability in the cookie parameter of Circutor SGE-PLC1000 firmware version 0.9.2b allows an attacker to perform operations as an authenticated user. In order to exploit this vulnerability, the attacker must be within the network where the device affected is located. | 2021-06-09 | not yet calculated | CVE-2021-33842 CONFIRM
cloudforms -- cloudforms | A flaw was found in Cloudforms. A role-based privileges escalation flaw where export or import of administrator files is possible. An attacker with a specific group can perform actions restricted only to system administrator. This is the affect of an incomplete fix for CVE-2020-10783. The highest threat from this vulnerability is to data confidentiality and integrity. Versions before cfme 5.11.10.1 are affected | 2021-06-07 | not yet calculated | CVE-2020-25716 MISC
cloverdx -- cloverdx | A Cross Site Request Forgery (CSRF) issue in Server Console in CloverDX through 5.9.0 allows remote attackers to execute any action as the logged-in user (including script execution). The issue is resolved in CloverDX 5.10, CloverDX 5.9.1, CloverDX 5.8.2, and CloverDX 5.7.1. | 2021-06-09 | not yet calculated | CVE-2021-29995 CONFIRM MISC
connman -- connman | ConnMan (aka Connection Manager) 1.30 through 1.39 has a stack-based buffer overflow in uncompress in dnsproxy.c via NAME, RDATA, or RDLENGTH (for A or AAAA). | 2021-06-09 | not yet calculated | CVE-2021-33833 MLIST MISC
cubecoders -- cubecoders | An issue was discovered in CubeCoders AMP before 2.1.1.8. A lack of validation of the Java Version setting means that an unintended executable path can be set. The result is that high-privileged users can trigger code execution. | 2021-06-10 | not yet calculated | CVE-2021-34539 MISC
curl -- curl | curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising side-effect that if an application sets up multiple concurrent transfers, the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario, this weakens transport security significantly. | 2021-06-11 | not yet calculated | MISC MISC MISC
curl -- curl | curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client. When libcurl at run-time sets up support for TLS 1.3 session tickets on a connection using OpenSSL, it stores pointers to the transfer in-memory object for later retrieval when a session ticket arrives. If the connection is used by multiple transfers (like with a reused HTTP/1.1 connection or multiplexed HTTP/2 connection) that first transfer object might be freed before the new session is established on that connection and then the function will access a memory buffer that might be freed. When using that memory, libcurl might even call a function pointer in the object, making it possible for a remote code execution if the server could somehow manage to get crafted memory content into the correct place in memory. | 2021-06-11 | not yet calculated | CVE-2021-22901 MISC MISC MISC
curl -- curl | curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol. | 2021-06-11 | not yet calculated | CVE-2021-22898 MISC MISC MISC
datasette -- datasette | Datasette is an open source multi-tool for exploring and publishing data. The `?_trace=1` debugging feature in Datasette does not correctly escape generated HTML, resulting in a [reflected cross-site scripting](https://owasp.org/www-community/attacks/xss/#reflected-xss-attacks) vulnerability. This vulnerability is particularly relevant if your Datasette installation includes authenticated features using plugins such as [datasette-auth-passwords](https://datasette.io/plugins/datasette-auth-passwords) as an attacker could use the vulnerability to access protected data. Datasette 0.57 and 0.56.1 both include patches for this issue. If you run Datasette behind a proxy you can workaround this issue by rejecting any incoming requests with `?_trace=` or `&_trace=` in their query string parameters. | 2021-06-07 | not yet calculated | MISC MISC MISC CONFIRM MISC
dell -- emc_networker | Dell EMC NetWorker, versions 18.x, 19.1.x, 19.2.x 19.3.x, 19.4, and 19.4.0.1 contain an Improper Certificate Validation vulnerability in the client (NetWorker Management Console) components which uses SSL encrypted connection in order to communicate with the application server. An unauthenticated attacker in the same network collision domain as the NetWorker Management Console client could potentially exploit this vulnerability to perform man-in-the-middle attacks to intercept and tamper the traffic between the client and the application server. | 2021-06-08 | not yet calculated | CVE-2021-21559 CONFIRM
dell -- emc_networker | Dell EMC NetWorker, 18.x, 19.1.x, 19.2.x 19.3.x, 19.4 and 19.4.0.1, contains an Information Disclosure vulnerability. A local administrator of the gstd system may potentially exploit this vulnerability to read LDAP credentials from local logs and use the stolen credentials to make changes to the network domain. | 2021-06-08 | not yet calculated | CVE-2021-21558 CONFIRM
django -- django | Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if (and only if) the default admindocs templates have been customized by application developers to also show file contents, then not only the existence but also the file contents would have been exposed. In other words, there is directory traversal outside of the template root directories. | 2021-06-08 | not yet calculated | CVE-2021-33203 MISC
django -- django | In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, URLValidator, validate_ipv4_address, and validate_ipv46_address do not prohibit leading zero characters in octal literals. This may allow a bypass of access control that is based on IP addresses. (validate_ipv4_address and validate_ipv46_address are unaffected with Python 3.9.5+..) . | 2021-06-08 | not yet calculated | CVE-2021-33571 MISC MISC CONFIRM
drupal -- core | Cross-site scripting vulnerability in Drupal Core allows an attacker could leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.X versions prior to 8.8.10; 8.9.X versions prior to 8.9.6; 9.0.X versions prior to 9.0.6. | 2021-06-11 | not yet calculated | CVE-2020-13688 CONFIRM
drupal -- core | Cross Site Request Forgery vulnerability in Drupal Core Form API does not properly handle certain form input from cross-site requests, which can lead to other vulnerabilities. | 2021-06-11 | not yet calculated | CVE-2020-13663 CONFIRM
e-series -- santricity_os_controller_software | E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to discover information via error messaging which may aid in crafting more complex attacks. | 2021-06-11 | not yet calculated | CVE-2021-26997 MISC
e-series -- santricity_os_controller_software | E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to cause a partial Denial of Service (DoS) to the web server. | 2021-06-11 | not yet calculated | CVE-2021-26993 MISC
e-series -- santricity_os_controller_software | E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow privileged attackers to execute arbitrary code. |  | not yet calculated | CVE-2021-26995 MISC
e-series -- santricity_os_controller_software | E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to discover system configuration and application information which may aid in crafting more complex attacks. | 2021-06-11 | not yet calculated | CVE-2021-26996 MISC
eclipse -- jetty | For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. |  | not yet calculated | CVE-2021-28169 CONFIRM
edk2 -- edk2 | Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks. | 2021-06-11 | not yet calculated | CVE-2021-28213 MISC
edk2 -- edk2 | An unlimited recursion in DxeCore in EDK II. | 2021-06-11 | not yet calculated | CVE-2021-28210 MISC
emq_x_broker -- emq_x_broker
EMQ X Broker versions prior to 4.2.8 are vulnerable to a denial of
service attack as a result of excessive memory consumption due
to the handling of untrusted inputs. These inputs cause the
message broker to consume large amounts of memory, resulting
in the application being terminated by the operating system.
2021-06-08 | not yet calculated | CVE-2021-33175 MISC

emtec -- zoc
EmTec ZOC before 8.02.2 allows \e[201~ pastes.
2021-06-06 | not yet calculated | CVE-2021-32198 MISC

https://content.govdelivery.com/accounts/USDHSCISA/bulletins/2e3f874 14/46

enerlinox -- comox
A CWE-269: Improper Privilege Management vulnerability exists
in Enerlin'X Com'X versions prior to V6.8.4 that could cause
disclosure of device configuration information to any
authenticated user when a specially crafted request is sent to the
device.
2021-06-11 | not yet calculated | CVE-2021-22769 MISC

estsoft -- unegg
UnEGG v0.5 and earlier versions have an integer overflow
vulnerability, triggered when the user opens a malformed specific
file that is mishandled by UnEGG. Attackers could exploit this
to achieve arbitrary code execution. This issue affects: Estsoft
UnEGG 0.5 versions prior to 1.0 on Linux.
2021-06-11 | not yet calculated | CVE-2020-7860 MISC

flarum -- flarum
Flarum is a forum software for building communities. Flarum's
translation system allowed for string inputs to be converted into
HTML DOM nodes when rendered. This change was made after
v0.1.0-beta.16 (our last beta before v1.0.0) and was not noticed
or documented. This allowed for any user to type malicious
HTML markup within certain user input fields and have this
execute on client browsers. The example which led to the
discovery of this vulnerability was in the forum search box.
Entering faux-malicious HTML markup, such as
<script>alert('test')</script> resulted in an alert box appearing on
the forum. This attack could also be modified to perform AJAX
requests on behalf of a user, possibly deleting discussions,
modifying their settings or profile, or even modifying settings on
the Admin panel if the attack was targeted towards a privileged
user. All Flarum communities that run flarum v1.0.0 or v1.0.1 are
impacted. The vulnerability has been fixed and published as
flarum/core v1.0.2. All communities running Flarum v1.0 have to
upgrade as soon as possible to v1.0.2.
2021-06-07 | not yet calculated | CVE-2021-32671 MISC CONFIRM MISC

flask-appbuilder -- flask-appbuilder
Flask-AppBuilder is a development framework, built on top of
Flask. User enumeration in database authentication in
Flask-AppBuilder <= 3.2.3 allows a non-authenticated user to
enumerate existing accounts by timing the response time from
the server when logging in. Upgrade to version 3.3.0 or
higher to resolve.
2021-06-07 | not yet calculated | CVE-2021-29621

foreman_project -- foreman_project
A flaw was found in the Foreman project. The Proxmox compute
resource exposes the password through the API to an
authenticated local attacker with view_hosts permission. The
highest threat from this vulnerability is to data confidentiality and
integrity as well as system availability. Versions before
foreman_fog_proxmox 0.13.1 are affected.
2021-06-07 | not yet calculated | CVE-2021-20259 MISC

fxbin -- bubble-fireworks
bubble fireworks is an open source java package relating to
Spring Framework. In bubble fireworks before version
2021.BUILD-SNAPSHOT there is a vulnerability in which the
package did not properly verify the signature of JSON Web
Tokens. This allows forgery of valid JWTs.
2021-06-04 | not yet calculated | CVE-2021-29500 CONFIRM

gallagher -- command_centre_server
Improper Encoding or Escaping in Gallagher Command Centre
Server allows a Command Centre Operator to alter the
configuration of Controllers and other hardware items beyond
their privilege. This issue affects: Gallagher Command Centre
8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to
8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); version
8.10 and prior versions.
2021-06-11 | not yet calculated | CVE-2021-23205 MISC

gallagher -- command_centre_server
A SQL Injection vulnerability in the OPCUA interface of Gallagher
Command Centre allows a remote unprivileged Command Centre
Operator to modify Command Centre databases undetected. This
issue affects: Gallagher Command Centre 8.40 versions prior to
8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20
versions prior to 8.20.1259 (MR5); 8.10 versions prior to
8.10.1284 (MR7); version 8.00 and prior versions.
2021-06-11 | not yet calculated | CVE-2021-23230 MISC

gallagher -- command_centre_server
Cleartext Storage of Sensitive Information in Memory vulnerability
in Gallagher Command Centre Server allows Cloud end-to-end
encryption key to be discoverable in server memory dumps. This
issue affects: Gallagher Command Centre 8.40 versions prior to
8.40.1888 (MR3).
2021-06-11 | not yet calculated | CVE-2021-23211 MISC

gallagher -- command_centre_server
Cleartext Storage of Sensitive Information in Memory vulnerability
in Gallagher Command Centre Server allows OSDP reader
master keys to be discoverable in server memory dumps. This
issue affects: Gallagher Command Centre 8.40 versions prior to
8.40.1888 (MR3); All versions of 8.30.
2021-06-11 | not yet calculated | CVE-2021-23182 MISC

gallagher -- command_centre_server
Exposure of Sensitive Information to an Unauthorized Actor
vulnerability in Gallagher Command Centre Server allows OSDP
key material to be exposed to Command Centre Operators. This
issue affects: Gallagher Command Centre 8.40 versions prior to
8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3).
2021-06-11 | not yet calculated | CVE-2021-23204 MISC

gallagher -- command_centre_server
Improper Authorization vulnerability in Gallagher Command
Centre Server allows command line macros to be modified by an
unauthorised Command Centre Operator. This issue affects:
Gallagher Command Centre 8.40 versions prior to 8.40.1888
(MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions
prior to 8.20.1259 (MR5); version 8.10 and prior versions.
2021-06-11 | not yet calculated | CVE-2021-23140 MISC

gallagher -- command_centre_server
Improper Authorization vulnerability in Gallagher Command
Centre Server allows macro overrides to be performed by an
unprivileged Command Centre Operator. This issue affects:
Gallagher Command Centre 8.40 versions prior to 8.40.1888
(MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions
prior to 8.20.1259 (MR5); version 8.10 and prior versions.
2021-06-11 | not yet calculated | CVE-2021-23136 MISC

gitlab -- gitlab
An information disclosure vulnerability in GitLab EE versions
13.11 and later allowed a project owner to leak information about
the members' on-call rotations in other projects.
2021-06-08 | not yet calculated | CVE-2021-22215 MISC CONFIRM

gitlab -- gitlab
All versions of GitLab CE/EE starting with 12.8 were affected by
an issue in the handling of x509 certificates that could be used to
spoof author of signed commits.
2021-06-08 | not yet calculated | MISC MISC

gitlab -- gitlab
A cross-site leak vulnerability in the OAuth flow of all versions of
GitLab CE/EE since 7.10 allowed an attacker to leak an OAuth
access token by getting the victim to visit a malicious page with
Safari.
2021-06-08 | not yet calculated | CVE-2021-22213 MISC MISC CONFIRM

gitlab -- gitlab
A denial of service vulnerability in all versions of GitLab CE/EE
before 13.12.2, 13.11.5 or 13.10.5 allows an attacker to cause
uncontrolled resource consumption with a specially crafted issue
or merge request.
2021-06-08 | not yet calculated | CVE-2021-22217 MISC CONFIRM MISC

gitlab -- gitlab
When requests to the internal network for webhooks are enabled,
a server-side request forgery vulnerability in GitLab CE/EE
affecting all versions starting from 10.5 was possible to exploit for
an unauthenticated attacker even on a GitLab instance where
registration is limited.
2021-06-08 | not yet calculated | MISC CONFIRM

gitlab -- gitlab
When requests to the internal network for webhooks are enabled,
a server-side request forgery vulnerability in GitLab affecting all
versions starting from 10.5 was possible to exploit for an
unauthenticated attacker even on a GitLab instance where
registration is disabled.
2021-06-11 | not yet calculated | MISC MISC CONFIRM

gitlab -- gitlab
A denial of service vulnerability in GitLab CE/EE affecting all
versions since 11.8 allows an attacker to create a recursive
pipeline relationship and exhaust resources.
2021-06-11 | not yet calculated | CVE-2021-22181 MISC CONFIRM

gitlab -- gitlab
An issue has been discovered in GitLab affecting all versions
starting from 12.9.0 before 13.10.5, all versions starting from
13.11.0 before 13.11.5, all versions starting from 13.12.0 before
13.12.2. Insufficient expired password validation in various
operations allows a user to maintain limited access after their
password expired.
2021-06-08 | not yet calculated | CVE-2021-22221 CONFIRM MISC

gitlab -- gitlab
GitLab CE/EE since version 9.5 allows a high privilege user to
obtain sensitive information from log files because the sensitive
information was not correctly registered for log masking.
2021-06-08 | not yet calculated | CVE-2021-22219 CONFIRM MISC

gitlab -- gitlab
A denial of service vulnerability in all versions of GitLab CE/EE
before 13.12.2, 13.11.5 or 13.10.5 allows an attacker to cause
uncontrolled resource consumption with a very long issue or
merge request description.
2021-06-08 | not yet calculated | CVE-2021-22216 CONFIRM MISC

google -- android
In memory management driver, there is a possible out of bounds
write due to a missing bounds check. This could lead to local
escalation of privilege with no additional execution privileges
needed. User interaction is not needed for exploitation.
Product: Android; Versions: Android SoC; Android ID: A-183464866
2021-06-11

google -- android
In BinderDiedCallback of MediaCodec.cpp, there is a possible
memory corruption due to a use after free. This could lead to
local escalation of privilege with no additional execution privileges
needed. User interaction is not needed for exploitation.
Product: Android; Versions: Android-11; Android ID: A-173791720
2021-06-11

google -- android
In memory management driver, there is a possible memory
corruption due to a use after free. This could lead to local
escalation of privilege with no additional execution privileges
needed. User interaction is not needed for exploitation.
Product: Android; Versions: Android SoC; Android ID: A-183467912
2021-06-11

google -- android
In onActivityResult of EditUserPhotoController.java, there is a
possible access of unauthorized files due to an unexpected URI
handler. This could lead to local escalation of privilege with no
additional execution privileges needed. User interaction is
needed for exploitation.
Product: Android; Versions: Android-8.1 Android-9 Android-10 Android-11; Android ID: A-172939189
2021-06-11 | not yet calculated | CVE-2021-0481 MISC

google -- android
In readVector of IMediaPlayer.cpp, there is a possible read of
uninitialized heap data due to a missing bounds check. This
could lead to local information disclosure with no additional
execution privileges needed. User interaction is not needed for
exploitation.
Product: Android; Versions: Android-9 Android-10 Android-11 Android-8.1; Android ID: A-173720767
2021-06-11 | not yet calculated | CVE-2021-0484 MISC

google -- android
In getMinimalSize of PipBoundsAlgorithm.java, there is a
possible bypass of restrictions on background processes due to a
permissions bypass. This could lead to local escalation of
privilege with no additional execution privileges needed. User
interaction is not needed for exploitation.
Product: Android; Versions: Android-11; Android ID: A-174302616
2021-06-11 | not yet calculated | CVE-2021-0485 MISC

google -- android
In createPendingIntent of SnoozeHelper.java, there is a possible
broadcast intent containing a sensitive identifier. This could lead
to local information disclosure with no additional execution
privileges needed. User interaction is needed for
exploitation.
Product: Android; Versions: Android-10 Android-11 Android-8.1 Android-9; Android ID: A-174493336
2021-06-11 | not yet calculated | CVE-2021-0480 MISC

google -- android
In notifyScreenshotError of
ScreenshotNotificationsController.java, there is a possible
permission bypass due to an unsafe PendingIntent. This could
lead to local escalation of privilege with User execution privileges
needed. User interaction is not needed for exploitation.
Product: Android; Versions: Android-10 Android-11 Android-8.1 Android-9; Android ID: A-178189250
2021-06-11 | not yet calculated | CVE-2021-0477 MISC

google -- android
In onCreate of CalendarDebugActivity.java, there is a possible
way to export calendar data to the sdcard without user consent
due to a tapjacking/overlay attack. This could lead to local
escalation of privilege with User execution privileges needed.
User interaction is not needed for exploitation.
Product: Android; Versions: Android-11; Android ID: A-174046397
2021-06-11 | not yet calculated | CVE-2021-0487 MISC

google -- android
In FindOrCreatePeer of btif_av.cc, there is a possible use after
free due to a race condition. This could lead to local escalation of
privilege with no additional execution privileges needed. User
interaction is not needed for exploitation.
Product: Android; Versions: Android-11 Android-9 Android-10; Android ID: A-169252501
2021-06-11 | not yet calculated | CVE-2021-0476 MISC

google -- android
In on_l2cap_data_ind of btif_sock_l2cap.cc, there is possible
memory corruption due to a use after free. This could lead to
remote code execution over Bluetooth with no additional
execution privileges needed. User interaction is not needed for
exploitation.
Product: Android; Versions: Android-11 Android-10; Android ID: A-175686168
2021-06-11 | not yet calculated | CVE-2021-0475 MISC

google -- android
In avrc_msg_cback of avrc_api.cc, there is a possible out of
bounds write due to a heap buffer overflow. This could lead to
remote code execution with no additional execution privileges
needed. User interaction is not needed for exploitation.
Product: Android; Versions: Android-11 Android-8.1 Android-9 Android-10; Android ID: A-177611958
2021-06-11 | not yet calculated | CVE-2021-0474 MISC

google -- android
In rw_t3t_process_error of rw_t3t.cc, there is a possible double
free due to uninitialized data. This could lead to remote code
execution over NFC with no additional execution privileges
needed. User interaction is not needed for exploitation.
Product: Android; Versions: Android-9 Android-10 Android-11 Android-8.1; Android ID: A-179687208
2021-06-11 | not yet calculated | CVE-2021-0473 MISC

google -- android
In memory management driver, there is a possible out of bounds
write due to a missing bounds check. This could lead to local
escalation of privilege with no additional execution privileges
needed. User interaction is not needed for exploitation.
Product: Android; Versions: Android SoC; Android ID: A-183464868
2021-06-11 | not yet calculated | CVE-2021-0490 MISC

google -- android
In memory management driver, there is a possible escalation of
privilege due to a missing permission check. This could lead to
local escalation of privilege with no additional execution privileges
needed. User interaction is not needed for exploitation.
Product: Android; Versions: Android SoC; Android ID: A-183461315
2021-06-11 | not yet calculated | CVE-2021-0491 MISC

google -- android
In memory management driver, there is a possible out of bounds
write due to a missing bounds check. This could lead to local
escalation of privilege with no additional execution privileges
needed. User interaction is not needed for exploitation.
Product: Android; Versions: Android SoC; Android ID: A-183459078
2021-06-11

google -- android
In memory management driver, there is a possible out of bounds
write due to a missing bounds check. This could lead to local
escalation of privilege with no additional execution privileges
needed. User interaction is not needed for exploitation.
Product: Android; Versions: Android SoC; Android ID: A-183461317
2021-06-11

google -- android
In memory management driver, there is a possible out of bounds
write due to an integer overflow. This could lead to local
escalation of privilege with no additional execution privileges
needed. User interaction is not needed for exploitation.
Product: Android; Versions: Android SoC; Android ID: A-183461318
2021-06-11

google -- android
In shouldLockKeyguard of LockTaskController.java, there is a
possible way to exit App Pinning without a PIN due to a
permissions bypass. This could lead to local escalation of
privilege with no additional execution privileges needed. User
interaction is not needed for exploitation.
Product: Android; Versions: Android-11 Android-9 Android-10; Android ID: A-
2021-06-11

google -- android
In memory management driver, there is a possible out of bounds
write due to uninitialized data. This could lead to local escalation
of privilege with no additional execution privileges needed. User
interaction is not needed for exploitation.
Product: Android; Versions: Android SoC; Android ID: A-183459083
2021-06-11

google -- android
In memory management driver, there is a possible memory
corruption due to a double free. This could lead to local
escalation of privilege with no additional execution privileges
needed. User interaction is not needed for exploitation.
Product: Android; Versions: Android SoC; Android ID: A-183461321
2021-06-11

google -- android
Improper access control vulnerability in goo blog App for Android
ver.1.2.25 and earlier and for iOS ver.1.3.3 and earlier allows a
remote attacker to lead a user to access an arbitrary website via
the vulnerable App.
2021-06-09 | not yet calculated | CVE-2021-20728 MISC MISC

google -- android
In startIpClient of ClientModeImpl.java, there is a possible
identifier which could be used to track a device. This could lead
to remote information disclosure to a proximal attacker, with no
additional execution privileges needed. User interaction is not
needed for exploitation.
Product: Android; Versions: Android-10; Android ID: A-154114734
2021-06-11 | not yet calculated | CVE-2021-0466 MISC

google -- android
In /proc/net of the kernel filesystem, there is a possible
information leak due to a permissions bypass. This could lead to
local information disclosure with no additional execution
privileges needed. User interaction is not needed for
exploitation.
Product: Android; Versions: Android-10; Android ID: A-9496886
2021-06-11 | not yet calculated | CVE-2019-9475 MISC

google -- android
In memory management driver, there is a possible memory
corruption due to a use after free. This could lead to local
escalation of privilege with no additional execution privileges
needed. User interaction is not needed for exploitation.
Product: Android; Versions: Android SoC; Android ID: A-183461320
2021-06-11

google -- asylo
An attacker can modify the address to point to trusted memory to
overwrite arbitrary trusted memory. It is recommended to update
past 0.6.2 or git commit
https://github.com/google/asylo/commit/53ed5d8fd8118ced1466e909606dd2f473707a5c
2021-06-08 | not yet calculated | CVE-2021-22549 MISC

google -- asylo
An attacker can modify the pointers in enclave memory to
overwrite arbitrary memory addresses within the secure enclave.
It is recommended to update past 0.6.3 or git commit
https://github.com/google/asylo/commit/a47ef55db2337d29de19c40cd29b0deb2871d31c
2021-06-08 | not yet calculated | CVE-2021-22550 MISC

google -- asylo
An attacker can change the pointer to untrusted memory to point
to trusted memory region which causes copying trusted memory
to trusted memory, if the latter is later copied out, it allows for
reading of memory regions from the trusted region. It is
recommended to update past 0.6.2 or git commit
https://github.com/google/asylo/commit/53ed5d8fd8118ced1466e909606dd2f473707a5c
2021-06-08 | not yet calculated | CVE-2021-22548 MISC

google -- nextcloud_android
source home cloud system. Due to a timeout issue the Android
client may not properly clean all sensitive data on account
removal. This could include sensitive key material such as the
End-to-End encryption keys. It is recommended that the
Nextcloud Android App is upgraded to 3.16.1.
2021-06-08 | not yet calculated | CVE-2021-32658 CONFIRM MISC MISC

guild_wars_2 -- guild_wars_2
The Gw2-64.exe in Guild Wars 2 launcher version 106916 suffers
from an elevation of privileges vulnerability which can be used by
an "Authenticated User" to modify the existing executable file with
a binary of his choice. The vulnerability exists due to the improper
permissions, with the 'F' flag (Full Control) for 'Everyone' group,
making the entire directory 'Guild Wars 2' and its files and
sub-dirs world-writable.
2021-06-09

hitachi -- id_bravura_security_fabric
An issue was discovered in Hitachi ID Bravura Security Fabric
11.0.0 through 11.1.3, 12.0.0 through 12.0.2, and 12.1.0. When
using federated identity management (authenticating via SAML
through a third-party identity provider), an attacker can inject
additional data into a signed SAML response being transmitted to
the service provider (ID Bravura Security Fabric). The application
successfully validates the signed values but uses the unsigned
malicious values. An attacker with lower-privilege access to the
application can inject the username of a high-privilege user to
impersonate that user.
2021-06-09 | not yet calculated | CVE-2021-3196 MISC CONFIRM CONFIRM

ibm -- financial_transaction_manager
IBM Financial Transaction Manager 3.2.4 is vulnerable to an XML
External Entity Injection (XXE) attack when processing XML data.
A remote attacker could exploit this vulnerability to expose
sensitive information or consume memory resources. IBM
X-Force ID: 192956.
2021-06-11 | not yet calculated | CVE-2020-5003 CONFIRM XF

ibm -- qradar_siem
IBM QRadar Analyst Workflow App 1.0 through 1.18.0 for IBM
QRadar SIEM allows web pages to be stored locally which can
be read by another user on the system. IBM X-Force ID: 196009.
2021-06-11 | CVE-2021-20396 CONFIRM XF

ibm -- websphere_application_server
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is
vulnerable to a privilege escalation vulnerability when using the
SAML Web Inbound Trust Association Interceptor (TAI). IBM
X-Force ID: 202006.
2021-06-11 | not yet calculated | XF

icecoder -- icecoder
In ICEcoder 8.0, a reflected XSS vulnerability was
identified in the multipe-results.php page due to insufficient
sanitization of the _GET['replace'] variable. As a result, arbitrary
Javascript code can get executed.
2021-06-08 | not yet calculated | MISC

inigss -- definition
A CWE-416: Use after free vulnerability exists in IGSS Definition
(Def.exe) V15.0.0.21140 and prior that could result in loss of data
or remote code execution due to use of unchecked input data,
when a malicious CGF file is imported to IGSS Definition.
not yet calculated | CVE-2021-22759 MISC

inigss -- definition
A CWE-787: Out-of-bounds write vulnerability exists in IGSS
Definition (Def.exe) V15.0.0.21140 and prior that could result in
loss of data or remote code execution due to missing size
checks, when a malicious WSP (Workspace) file is being parsed
by IGSS Definition.
2021-06-11

inigss -- definition
A CWE-125: Out-of-bounds read vulnerability exists in IGSS
Definition (Def.exe) V15.0.0.21140 and prior that could result in
disclosure of information or remote code execution due to lack of
user-supplied data validation, when a malicious CGF file is
imported to IGSS Definition.
2021-06-11

inigss -- definition
A CWE-22: Improper Limitation of a Pathname to a Restricted
Directory vulnerability exists in IGSS Definition (Def.exe)
V15.0.0.21140 and prior that could result in remote code
execution, when a malicious CGF or WSP file is being parsed by
IGSS Definition.
2021-06-11 | not yet calculated

inigss -- definition
A CWE-787: Out-of-bounds write vulnerability exists in IGSS
Definition (Def.exe) V15.0.0.21140 and prior that could result in
disclosure of information or remote code execution due to lack of
sanity checks on user-supplied data, when a malicious CGF file
is imported to IGSS Definition.
2021-06-11

inigss -- definition
A CWE-787: Out-of-bounds write vulnerability exists in IGSS
Definition (Def.exe) V15.0.0.21140 and prior that could result in
loss of data or remote code execution due to lack of proper
validation of user-supplied data, when a malicious CGF file is
imported to IGSS Definition.
2021-06-11

inigss -- definition
A CWE-125: Out-of-bounds read vulnerability exists in IGSS
Definition (Def.exe) V15.0.0.21140 and prior that could result in
loss of data or remote code execution due to missing length
checks, when a malicious WSP file is being parsed by IGSS
Definition.
2021-06-11

inigss -- definition
A CWE-787: Out-of-bounds write vulnerability exists in IGSS
Definition (Def.exe) V15.0.0.21140 and prior that could result in
disclosure of information or execution of arbitrary code due to
lack of input validation, when a malicious CGF (Configuration
Group File) file is imported to IGSS Definition.
2021-06-11

enable escalation of privilege via local access.

inigss -- definition
A CWE-787: Out-of-bounds write vulnerability exists in IGSS
Definition (Def.exe) V15.0.0.21041 and prior that could result in
loss of data or remote code execution due to missing length
checks, when a malicious CGF file is imported to IGSS Definition.
2021-06-11 | not yet calculated | CVE-2021-22750 MISC

inigss -- definition
A CWE-824: Access of uninitialized pointer vulnerability exists
in IGSS Definition (Def.exe) V15.0.0.21140 and prior that could
result in loss of data or remote code execution due to lack of
validation of user-supplied input data, when a malicious CGF file
is imported to IGSS Definition.
2021-06-11

inigss -- definition
A CWE-125: Out-of-bounds read vulnerability exists in IGSS
Definition (Def.exe) V15.0.0.21140 and prior that could result in
disclosure of information or remote code execution due to lack of
sanity checks on user-supplied input data, when a malicious CGF
file is imported to IGSS Definition.
2021-06-11

inigss -- definition
A CWE-763: Release of invalid pointer or reference vulnerability
exists in IGSS Definition (Def.exe) V15.0.0.21140 and prior that
could result in loss of data or remote code execution due to
missing checks of user-supplied input data, when a malicious
CGF file is imported to IGSS Definition.
2021-06-11 | not yet calculated | MISC

inigss -- definition
A CWE-119: Improper Restriction of Operations within the
Bounds of a Memory Buffer vulnerability exists in IGSS Definition
(Def.exe) V15.0.0.21140 and prior that could result in disclosure
of information or remote code execution due to missing
length check on user supplied data, when a malicious CGF file is
imported to IGSS Definition.
2021-06-11 | not yet calculated | CVE-2021-22761 MISC

intel -- atom_processors
Domain-bypass transient execution vulnerability in some Intel
Atom(R) Processors may allow an authenticated user to
potentially enable information disclosure via local access.
2021-06-09 | not yet calculated | CVE-2020-24519 MISC

intel -- brand_verification_tool
Improper permissions in the installer for the Intel(R) Brand
Verification Tool before version 11.0.0.1225 may allow an
authenticated user to potentially enable escalation of privilege via
local access.
2021-06-09 | not yet calculated | CVE-2021-0086 MISC MLIST

intel -- computing_improvement_program
Improper permissions in the installer for the Intel(R) Computing
Improvement Program software before version 2.4.5982 may
allow an authenticated user to potentially enable escalation of
privilege via local access.
2021-06-09 | not yet calculated | CVE-2021-0074 MISC

intel -- computing_improvement_program
Incorrect default privileges in the Intel(R) Computing
Improvement Program before version 2.4.6522 may allow an
authenticated user to potentially enable an escalation of privilege
via local access.
2021-06-09 | not yet calculated | CVE-2021-0052 MISC

intel -- csme
Improper buffer restrictions in a subsystem in the Intel(R) CSME
versions before 11.8.86, 11.12.86, 11.22.86, 12.0.81, 13.0.47,
13.30.17, 14.1.53, 14.5.32 and 15.0.22 may allow a privileged
user to potentially enable escalation of privilege via local access.
2021-06-09 | not yet calculated | CVE-2020-8703 MISC CONFIRM

intel -- csme
Out of bound read in a subsystem in the Intel(R) CSME versions
before 12.0.81, 13.0.47, 13.30.17, 14.1.53 and 14.5.32 may allow
a privileged user to potentially enable information disclosure via
local access.
not yet calculated | CONFIRM

intel -- csme
Improper initialization in a subsystem in the Intel(R) CSME
versions before 11.8.86, 11.12.86, 11.22.86, 12.0.81, 13.0.47,
13.30.17, 14.1.53, 14.5.32, 13.50.11 and 15.0.22 may allow a
privileged user to potentially enable information disclosure via
local access.
2021-06-09 | not yet calculated | CVE-2020-24507 MISC CONFIRM

intel -- csme
Modification of assumed-immutable data in subsystem in Intel(R)
CSME versions before 13.0.47, 13.30.17, 14.1.53, 14.5.32,
15.0.22 may allow an unauthenticated user to potentially enable
escalation of privilege via physical access.
2021-06-09 | not yet calculated | CVE-2020-24516 MISC

intel -- dsa
Insufficient control flow management in Intel(R) DSA before
version 20.11.50.9 may allow an authenticated user to potentially
enable escalation of privilege via local access.
2021-06-09 | not yet calculated | CVE-2021-0075 MISC

intel -- dsa
Improper link resolution before file access in Intel(R) DSA before
version 20.11.50.9 may allow an authenticated user to potentially
enable an escalation of privilege via local access.
2021-06-09 | not yet calculated | MISC

intel -- dsa
Uncontrolled search path element in Intel(R) DSA before version
20.11.50.9 may allow an authenticated user to potentially enable
an escalation of privilege via local access.
2021-06-09 | not yet calculated | MISC

intel -- ipp
Observable timing discrepancy in Intel(R) IPP before version
2020 update 1 may allow authorized user to potentially enable
information disclosure via local access.
2021-06-09 | not yet calculated | CVE-2021-0007 MISC

F Race condition in a subsystem in the Intel(R) LMS versions 
iene before 2039.1.0.0 may allow a privileged user to potentially 2021-06-09 a foe 
intel | Improper access control in system firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access. | 2021-06-09 | not yet calculated | CVE-2021-0067 MISC
intel | Improper buffer restrictions in system firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access. | 2021-06-09 | not yet calculated | CVE-2021-0054 MISC
intel | Insecure inherited permissions for some Intel(R) NUC 9 Extreme Laptop Kit LAN Drivers before version 10.42 may allow an authenticated user to potentially enable escalation of privilege via local access. | | not yet calculated | CVE-2021-0055 MISC
intel | Incorrect default permissions in the Intel(R) NUC M15 Laptop Kit Driver Pack software before updated version 1.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | | not yet calculated | CVE-2021-0058 MISC
intel | Uncontrolled search path in the Intel(R) NUC M15 Laptop Kit Driver Pack software before updated version 1.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | | not yet calculated | CVE-2021-0057 MISC
intel | Insecure inherited permissions for the Intel(R) NUC M15 Laptop Kit Driver Pack software before updated version 1.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | | not yet calculated | CVE-2021-0056 MISC
intel | Incorrect default permissions in the Intel(R) Optane(TM) DC Persistent Memory for Windows software versions before 2.00.00.3842 or 1.00.00.3515 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2021-06-09 | not yet calculated | CVE-2021-0106 MISC
intel -- processor_diagnostic_tool | Uncontrolled search path element in the Intel(R) Processor Diagnostic Tool before version 4.1.5.37 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2021-06-09 | not yet calculated | CVE-2020-8702 MISC
intel -- processors | Improper input validation in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | 2021-06-09 | |
intel -- processors | Improper initialization in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | 2021-06-09 | |
intel -- processors | Out of bounds read in the firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access. | 2021-06-09 | |
intel -- processors | Insufficient control flow management in the firmware for some Intel(R) Processors may allow an unauthenticated user to potentially enable escalation of privilege via physical access. | 2021-06-09 | |
intel -- processors | Improper input validation in the firmware for some Intel(R) Processors may allow an authenticated user to potentially enable denial of service via local access. | 2021-06-09 | |
intel -- processors | Observable response discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. | 2021-06-09 | | CVE-2021-0089 MISC MLIST MLIST MLIST
intel -- processors | Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | 2021-06-09 | not yet calculated | CVE-2020-24511 MISC CONFIRM
intel -- processors | Race condition in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | 2021-06-09 | not yet calculated |
intel -- processors | Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | 2021-06-09 | not yet calculated | CVE-2020-24512 MISC CONFIRM
intel -- processors | Out of bounds write in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable denial of service via local access. | 2021-06-09 | not yet calculated |
intel -- processors | Improper initialization in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable a denial of service via local access. | 2021-06-09 | |
intel -- proset_wireless_wifi | WiFi drivers may allow an authenticated user to potentially enable information disclosure and denial of service via adjacent | 2021-06-09 | not yet calculated | CVE-2021-0105 MISC
intel -- rapid_storage_technology | Uncontrolled search path element in the installer for the Intel(R) Rapid Storage Technology software, before versions 17.9.0.34, 18.0.0.640 and 18.1.0.24, may allow an authenticated user to potentially enable escalation of privilege via local access. | 2021-06-09 | not yet calculated | CVE-2021-0104 MISC
intel | Improper authentication in some Intel(R) RealSense(TM) IDs may allow an unauthenticated user to potentially enable escalation of privilege via physical access. | 2021-06-09 | not yet calculated | CVE-2020-24514 MISC
intel | Protection mechanism failure in some Intel(R) RealSense(TM) IDs may allow an unauthenticated user to potentially enable escalation of privilege via physical access. | 2021-06-09 | not yet calculated | MISC
intel -- security_library | Use of cryptographically weak pseudo-random number generator (PRNG) in an API for the Intel(R) Security Library before version 3.3 may allow an authenticated user to potentially enable information disclosure via network access. | 2021-06-09 | not yet calculated | CVE-2021-0131 MISC
intel -- security_library | Missing release of resource after effective lifetime in an API for the Intel(R) Security Library before version 3.3 may allow a privileged user to potentially enable denial of service via network access. | 2021-06-09 | not yet calculated | CVE-2021-0132 MISC
intel -- security_library | Key exchange without entity authentication in the Intel(R) Security Library before version 3.3 may allow an authenticated user to potentially enable escalation of privilege via network access. | 2021-06-09 | not yet calculated | CVE-2021-0133 MISC
intel -- security_library | Improper input validation in an API for the Intel(R) Security Library before version 3.3 may allow a privileged user to potentially enable denial of service via network access. | 2021-06-09 | not yet calculated | MISC
intel -- server_board | Improper input validation in the BMC firmware for Intel(R) Server Board M10JNP2SB before version EFI BIOS 7215, BMC 8100.01.08 may allow an unauthenticated user to potentially enable an escalation of privilege via adjacent access. | 2021-06-09 | not yet calculated | CVE-2021-0070 MISC
intel -- server_board_m10jnp2sb | Path traversal in the BMC firmware for Intel(R) Server Board M10JNP2SB before version EFI BIOS 7215, BMC 8100.01.08 may allow an unauthenticated user to potentially enable a denial of service via adjacent access. | 2021-06-09 | not yet calculated | CVE-2021-0097 MISC
intel -- server_board_m10jnp2sb | Out of bounds write in the BMC firmware for Intel(R) Server Board M10JNP2SB before version EFI BIOS 7215, BMC 8100.01.08 may allow an unauthenticated user to potentially enable a denial of service via adjacent access. | 2021-06-09 | not yet calculated | CVE-2021-0113 MISC
intel -- server_board_m10jnp2sb | Buffer overflow in the BMC firmware for Intel(R) Server Board M10JNP2SB before version EFI BIOS 7215, BMC 8100.01.08 may allow an unauthenticated user to potentially enable an escalation of privilege via adjacent access. | 2021-06-09 | not yet calculated | CVE-2021-0101 MISC
intel -- server_boards | Improper initialization in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.48.ce3e3bd2 may allow an authenticated user to potentially enable denial of service via local access. | 2021-06-09 | not yet calculated | CVE-2020-24475 MISC
intel -- server_boards | Out of bounds write in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.48.ce3e3bd2 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2021-06-09 | not yet calculated | CVE-2020-24473 MISC
intel -- server_boards | Buffer overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.48.ce3e3bd2 may allow an authenticated user to potentially enable escalation of privilege via adjacent access. | 2021-06-09 | not yet calculated | CVE-2020-24474 MISC
intel -- sps | Improper input validation in the Intel(R) SPS versions before SPS_E5_04.04.04.023.0, SPS_E5_04.04.03.228.0 or SPS_SoC-A_05.00.03.098.0 may allow a privileged user to potentially enable denial of service via local access. | 2021-06-09 | not yet calculated | CVE-2021-0051 MISC
intel -- sps | Insufficient control flow management in subsystem in Intel(R) SPS versions before SPS_E3_05.01.04.300.0, SPS_SoC-A_05.00.03.091.0, SPS_E5_04.04.04.023.0, or SPS_E5_04.04.03.263.0 may allow a privileged user to potentially enable escalation of privilege via local access. | 2021-06-09 | not yet calculated | CVE-2020-24509 MISC CONFIRM
intel -- ssd_data_center_tool | Incorrect default permissions in the installer for the Intel(R) SSD Data Center Tool, versions downloaded before 12/31/2020, may allow an authenticated user to potentially enable escalation of privilege via local access. | 2021-06-09 | not yet calculated | CVE-2021-0100 MISC
intel -- thunderbolt | Improper conditions check in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to potentially enable denial of service via local access. | 2021-06-09 | |
intel -- thunderbolt | Uncontrolled resource consumption in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to potentially enable denial of service via local access. | 2021-06-09 | |
intel -- thunderbolt | Improper access control in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to potentially enable denial of service via local access. | 2021-06-09 | |
intel -- thunderbolt | Improper control of a resource through its lifetime in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to potentially enable denial of service via local access. | 2021-06-09 | |
intel -- thunderbolt | Insufficient control flow management in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to potentially enable denial of service via local access. | 2021-06-09 | |
intel -- thunderbolt | Improper input validation in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to potentially enable denial of service via local access. | 2021-06-09 | |
intel -- thunderbolt | Uncontrolled resource consumption in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to potentially enable denial of service via local access. | 2021-06-09 | not yet calculated | CVE-2020-12296 MISC
intel -- thunderbolt | Out-of-bounds write in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to potentially enable denial of service via local access. | 2021-06-09 | |
intel -- thunderbolt | Protection mechanism failure in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to potentially enable denial of service via local access. | 2021-06-09 | not yet calculated | MISC
intel -- unite_client | Improper access control in the Intel Unite(R) Client for Windows before version 4.2.25031 may allow an authenticated user to potentially enable an escalation of privilege via local access. | 2021-06-09 | not yet calculated | CVE-2021-0096 MISC
intel -- unite_client | Uncontrolled search path in the Intel Unite(R) Client for Windows before version 4.2.25031 may allow an authenticated user to potentially enable an escalation of privilege via local access. | 2021-06-09 | not yet calculated | MISC
intel -- unite_client | Unquoted service path in the Intel Unite(R) Client for Windows before version 4.2.25031 may allow an authenticated user to potentially enable an escalation of privilege via local access. | 2021-06-09 | not yet calculated | MISC
intel -- unite_client | Insecure inherited permissions in the Intel Unite(R) Client for Windows before version 4.2.25031 may allow an authenticated user to potentially enable an escalation of privilege via local access. | 2021-06-09 | not yet calculated | CVE-2021-0102 MISC
intel | Incomplete cleanup in some Intel(R) VT-d products may allow an authenticated user to potentially enable escalation of privilege via local access. | 2021-06-09 | not yet calculated | CVE-2020-24489 MISC
intel -- vtune_profiler | Insecure inherited permissions in the installer for the Intel(R) VTune(TM) Profiler before version 2021.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2021-06-09 | not yet calculated | CVE-2021-0077 MISC
intland -- codebeamer_alm | A cross-site scripting (XSS) issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. It is possible to perform XSS attacks through using the WebDAV functionality to upload files to a project (Authn users), using the users import functionality (Admin only), and changing the login text in the application configuration (Admin only). | 2021-06-08 | not yet calculated | MISC MISC
intland -- codebeamer_alm | A CSRF issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. Requests sent to the server that trigger actions do not contain a CSRF token and can therefore be entirely predicted allowing attackers to cause the victim's browser to execute undesired actions in the web application through crafted requests. | 2021-06-08 | not yet calculated | CVE-2020-26516 MISC MISC
intland -- codebeamer_alm | An insufficiently protected credentials issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. The remember-me cookie (CB_LOGIN) issued by the application contains the encrypted user's credentials. However, due to a bug in the application code, those credentials are encrypted using a NULL encryption key. | 2021-06-08 | not yet calculated | CVE-2020-26515 MISC MISC
| In Invoice Ninja before 4.4.0, there is an unsafe call to unserialize() in app/Ninja/Repositories/AccountRepository.php that may allow an attacker to deserialize arbitrary PHP classes. In certain contexts, this can result in remote code execution. The attacker's input must be hosted at http://www.geoplugin.net (cleartext HTTP), and thus a successful attack requires spoofing that site or obtaining control of it. | 2021-06-06 | |
| lfs/backup in IPFire 2.25-core155 does not ensure that /var/ipfire/backup/bin/backup.pl is owned by the root account. It might be owned by an unprivileged account, which could potentially be used to install a Trojan horse backup.pl script that is later executed by root. Similar problems with the ownership/permissions of other files may be present as well. | | not yet calculated | CVE-2021-33393 MISC MISC MISC
irzip -- irzip | A null pointer dereference was discovered in ucompthread in stream.c in Irzip 0.631 which allows attackers to cause a denial of service (DOS) via a crafted compressed file. | 2021-06-10 | |
irzip -- irzip | Use after free in lzma_decompress_buf function in stream.c in Irzip 0.631 allows attackers to cause Denial of Service (DoS) via a crafted compressed file. | 2021-06-10 | |
irzip -- irzip | A null pointer dereference was discovered lzo_decompress_buf in stream.c in Irzip 0.621 which allows an attacker to cause a denial of service (DOS) via a crafted compressed file. | 2021-06-10 | not yet calculated | CVE-2020-25467 MISC MISC
jenkins | Jenkins Kiuwan Plugin 1.6.0 and earlier does not escape query parameters in an error message for a form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability. | 2021-06-10 | | CVE-2021-21666 CONFIRM MLIST
jenkins -- kubernetes | Jenkins Kubernetes CLI Plugin 1.10.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 2021-06-10 | not yet calculated | CVE-2021-21661 CONFIRM MLIST
jenkins | A cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins. | 2021-06-10 | not yet calculated | CVE-2021-21665 CONFIRM MLIST
jenkins | A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins. | 2021-06-10 | not yet calculated | CONFIRM MLIST
jenkins | An incorrect permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Generic Create permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins. | 2021-06-10 | not yet calculated | MLIST
jenkins | A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 7.5.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins. | 2021-06-10 | not yet calculated | MLIST
jerryscript -- jerryscript | An issue was discovered in JerryScript 2.4.0. There is a heap-use-after-free in ecma_bytecode_ref in ecma-helpers.c file. | 2021-06-10 | not yet calculated | CVE-2021-26199 CONFIRM
jerryscript -- jerryscript | An issue was discovered in JerryScript 2.4.0. There is a heap-use-after-free in ecma_is_lexical_environment in the ecma-helpers.c file. | 2021-06-10 | |
jerryscript -- jerryscript | An issue was discovered in JerryScript 2.4.0. There is a SEVG in ecma_deref_bigint in ecma-helpers.c file. | | not yet calculated | CVE-2021-26198 CONFIRM
jerryscript -- jerryscript | An issue was discovered in JerryScript 2.4.0. There is a heap-buffer-overflow in lexer_parse_number in js-lexer.c file. | 2021-06-10 | not yet calculated | CVE-2021-26195 CONFIRM
jerryscript -- jerryscript | An issue was discovered in JerryScript 2.4.0. There is a SEGV in main_print_unhandled_exception in main-utils.c file. | 2021-06-10 | not yet calculated | CVE-2021-26197 CONFIRM
| A vulnerability has been identified in JT2Go (All versions < V13.1.0.3), Teamcenter Visualization (All versions < V13.1.0.3). The TIFF_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13131) | 2021-06-08 | |
| An insecure modification vulnerability flaw was found in containers using nmstate/kubernetes-nmstate-handler. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. Versions before kubernetes-nmstate-handler-container-v2.3.0-30 are affected. | 2021-06-07 | |
labcup -- labcup | In LabCup before <v2_next_18022, it is possible to use the save API to perform unauthorized actions for users without access to user management in order to, after successful exploitation, gain access to a victim's account. A user without the user-management privilege can change another user's email address if the attacker knows details of the victim such as the exact roles and group roles, ID, and remote authentication ID settings. These must be sent in a modified save API request. It was fixed in 6.3.0.03. | 2021-06-10 | not yet calculated | CVE-2021-33031 MISC MISC
lancom_rands -- unified_firewall | LANCOM R&S Unified Firewall (UF) devices running LCOS FX 10.5 allow Relative Path Traversal. | 2021-06-10 | not yet calculated | CVE-2021-31538 MISC
libsapeextractor -- library | An improper input validation vulnerability in sdfffd_parse_chunk_FVER() in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. | 2021-06-11 | not yet calculated | CVE-2021-25386 MISC
libsapeextractor -- library | An improper input validation vulnerability in scmn_mfal_read() in libsapeextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. | 2021-06-11 | not yet calculated | CVE-2021-25385 MISC
libsapeextractor -- library | An improper input validation vulnerability in sdfffd_parse_chunk_PROP() with Sample Rate Chunk in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. | 2021-06-11 | not yet calculated | CVE-2021-25384 MISC
libsapeextractor -- library | An improper input validation vulnerability in sdfffd_parse_chunk_PROP() in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. | 2021-06-11 | not yet calculated | CVE-2021-25385 MISC
| An improper input validation vulnerability in sflacfd_get_frm() in libsflacextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. | 2021-06-11 | not yet calculated | CVE-2021-25387 MISC
| Cross-site scripting (XSS) vulnerability in the Portal Workflow module's edit process page in Liferay DXP 7.0 before fix pack 99, 7.1 before fix pack 23, 7.2 before fix pack 12 and 7.3 before fix pack 1, allows remote attackers to inject arbitrary web script or HTML via the currentURL parameter. | 2021-06-09 | not yet calculated | CVE-2021-29049 CONFIRM MISC
linux -- linux_kernel | An issue was discovered in the Linux kernel before 5.8.2. fs/io_uring.c has a use-after-free related to io_async_task_func and ctx reference holding, aka CID-6d816e088c35. | 2021-06-07 | not yet calculated | CVE-2020-36387 MISC MISC MISC MISC
linux -- linux_kernel | An issue was discovered in the Linux kernel before 5.0.19. The XFRM subsystem has a use-after-free, related to an xfrm_state_fini panic, aka CID-dbb2483b2a46. | 2021-06-07 | not yet calculated | CVE-2019-25045 MISC MISC MISC MISC
linux -- linux_kernel | An issue was discovered in the Linux kernel before 4.14.16. There is a use-after-free in net/sctp/socket.c for a held lock after a peel off, aka CID-a0ff660058b8. | 2021-06-07 | not yet calculated |
linux -- linux_kernel | A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. This flaw affects all the Linux kernel versions starting from 3.13. | 2021-06-08 | not yet calculated | CVE-2021-3564 MISC MLIST MLIST MISC
linux -- linux_kernel | An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c. | 2021-06-07 | not yet calculated | MISC MISC MISC
linux -- linux_kernel | An issue was discovered in the Linux kernel before 5.8.1. net/bluetooth/hci_event.c has a slab out-of-bounds read in hci_extended_inquiry_result_evt, aka CID-51c19bf3d5cf. | 2021-06-07 | not yet calculated | CVE-2020-36386 MISC MISC MISC
| SSL Network Extender Client for Linux before build 800008302 reveals part of the contents of the configuration file supplied, which allows partially disclosing files to which the user did not have access. | | not yet calculated | CVE-2021-30357 MISC
Vulnerability Summary for the Week of June 7, 2021
6/15/2021
https://content.govdelivery.com/accounts/USDHSCISA/bulletins/2e3f874
locutus -- locutus | The package locutus before 2.0.15 are vulnerable to Regular Expression Denial of Service (ReDoS) via the gopher_parsedir function. | 2021-06-08 | not yet calculated | MISC MISC MISC MISC
manageengine -- servicedesk_plus | Incomplete List of Disallowed Inputs in ManageEngine ServiceDesk Plus before version 11205 allows a remote, authenticated attacker to execute arbitrary commands with SYSTEM privileges. | 2021-06-10 | not yet calculated | CVE-2021-20081 MISC
mcafee -- agent_for_windows | Improper privilege management vulnerability in McAfee Agent for Windows prior to 5.7.3 allows a local user to modify event information in the MA event folder. This allows a local user to either add false events or remove events from the event logs prior to them being sent to the ePO server. | 2021-06-10 | |
mcafee -- agent_for_windows | A vulnerability in the preloading mechanism of specific dynamic link libraries in McAfee Agent for Windows prior to 5.7.3 could allow an authenticated, local attacker to perform a DLL preloading attack with unsigned DLLs. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. This would result in the user gaining elevated permissions and being able to execute arbitrary code. | 2021-06-10 | |
mcafee -- data_loss_prevention | Improper Neutralization of Input in the ePO administrator extension for McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a remote ePO DLP administrator to inject JavaScript code into the alert configuration text field. This JavaScript will be executed when an end user triggers a DLP policy on their machine. | 2021-06-09 | not yet calculated | CVE-2021-31832 CONFIRM
mcafee -- getsusp | Memory corruption vulnerability in the driver file component in McAfee GetSusp prior to 4.0.0 could allow a program being investigated on the local machine to trigger a buffer overflow in GetSusp, leading to the execution of arbitrary code, potentially triggering a BSOD. | 2021-06-09 | |
microsoft | ASP.NET Denial of Service Vulnerability | 2021-06-08 | not yet calculated | CVE-2021-31957 MISC
microsoft -- dwm_core_library | Microsoft DWM Core Library Elevation of Privilege Vulnerability | 2021-06-08 | not yet calculated | CVE-2021-33739 MISC
microsoft -- excel | Microsoft Excel Remote Code Execution Vulnerability | 2021-06-08 | not yet calculated | CVE-2021-31939 MISC MISC
microsoft | Windows Hyper-V Denial of Service Vulnerability | 2021-06-08 | not yet calculated | CVE-2021-31977 MISC
microsoft | Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-31201. | 2021-06-08 | not yet calculated | CVE-2021-31199 MISC
microsoft | Windows NTFS Elevation of Privilege Vulnerability | 2021-06-08 | not yet calculated | CVE-2021-31956 MISC
microsoft -- outlook | Microsoft Outlook Remote Code Execution Vulnerability | 2021-06-08 | not yet calculated | CVE-2021-91949 MISC
microsoft -- paint_3d_remote | Paint 3D Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31945, CVE-2021-31946. | 2021-06-08 | not yet calculated | MISC
microsoft -- scripting_engine | Scripting Engine Memory Corruption Vulnerability | 2021-06-08 | not yet calculated | CVE-2021-31959 MISC MISC
microsoft -- sharepoint_server | Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-31948, CVE-2021-31964. | 2021-06-08 | not yet calculated | MISC
microsoft -- sharepoint_server | Microsoft SharePoint Server Information Disclosure Vulnerability | 2021-06-08 | not yet calculated | CVE-2021-31965 MISC
microsoft -- sharepoint_server | Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-31948, CVE-2021-31950. | 2021-06-08 | not yet calculated | CVE-2021-31964 MISC
microsoft -- sharepoint_server | Microsoft SharePoint Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26420, CVE-2021-31963. | 2021-06-08 | not yet calculated |
microsoft -- sharepoint_server | Microsoft SharePoint Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26420, CVE-2021-31966. | 2021-06-08 | not yet calculated | CVE-2021-31963
microsoft -- sharepoint_server | Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-31950, CVE-2021-31964. | 2021-06-08 | not yet calculated | CVE-2021-31948 MISC
microsoft -- ‘ ; : ; a CVE-2021-31954 
windows_common_log_fle_system|gfiJepn®.-ommon Log File System Driver Elevation of Privilege 2021-06-08 lee MISC 
MISC 
microsoft -- windows_filter_manager | Windows Filter Manager Elevation of Privilege Vulnerability | 2021-06-08 | not yet calculated |
microsoft -- windows_kernel | Windows Kernel Elevation of Privilege Vulnerability | 2021-06-08 | not yet calculated |
microsoft -- windows_ntlm | Windows NTLM Elevation of Privilege Vulnerability | 2021-06-08 | not yet calculated |
| Mintty before 3.4.7 mishandles Bracketed Paste Mode. | 2021-06-06 | not yet calculated | CVE-2021-51701 MISC
mitsubishi -- electric_melsec_iq-r_series_modules | Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules (R00/01/02CPU all versions, R04/08/16/32/120(EN)CPU all versions, R08/16/32/120SFCPU all versions, R08/16/32/120PCPU all versions, R08/16/32/120PSFCPU all versions) allows a remote unauthenticated attacker to prevent legitimate clients from connecting to the MELSOFT transmission port (TCP/IP) by not closing a connection properly, which may lead to a denial of service (DoS) condition. | 2021-06-11 | not yet calculated | CVE-2021-20591 MISC MISC
| A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon X80 BMXNOR0200H RTU SV1.70 IR22 and prior that could cause information leak concerning the current RTU configuration including communication parameters dedicated to telemetry, when a specially crafted HTTP request is sent to the web server of the module. | 2021-06-11 | not yet calculated |
mongodb -- go_driver | Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB GO Drivers up to (and including) 1.5.0. | 2021-06-10 | not yet calculated |
moveit -- transfer | In Progress MOVEit Transfer before 2019.0.6 (11.0.6), 2019.1.x before 2019.1.5 (11.1.5), 2019.2.x before 2019.2.2 (11.2.2), 2020.x before 2020.0.5 (12.0.5), 2020.1.x before 2020.1.4 (12.1.4), and 2021.x before 2021.0.1 (13.0.1), a SQL injection vulnerability exists in SILUtility.vb in MOVEit.DMZ.WebApp in the MOVEit Transfer web app. This could allow an authenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database and/or execute SQL statements that alter or delete database elements. | 2021-06-09 | not yet calculated | CVE-2021-33894 CONFIRM MISC
nagios_xi -- nagios_xi | Nagios XI 5.7.5 and earlier allows authenticated admins to upload arbitrary files due to improper validation of the rename functionality in custom-includes component, which leads to remote code execution by uploading php files. | 2021-06-07 | not yet calculated | CVE-2021-3277 MISC
netsetman -- pro | An unauthenticated attacker with physical access to a computer with NetSetMan Pro before 5.0 installed, that has the pre-logon profile switch button within the Windows logon screen enabled, is able to drop to an administrative shell and execute arbitrary commands as SYSTEM via the "save log to file" feature. To accomplish this, the attacker can navigate to cmd.exe. | 2021-06-10 | not yet calculated | CVE-2021-34546 MISC MISC MISC FULLDISC MISC
nextcloud -- android_app | Nextcloud Android App (com.nextcloud.client) before v3.16.0 is vulnerable to information disclosure due to searches for sharees being performed by default on the lookup server instead of only using the local Nextcloud server unless a global search has been explicitly chosen by the user. | 2021-06-11 | not yet calculated | CVE-2021-22905 MISC MISC
nextcloud -- deck | Nextcloud Deck before 1.2.7, 1.4.1 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only the local Nextcloud server unless a global search has been explicitly chosen by the user. | 2021-06-11 | not yet calculated | CVE-2021-22913 MISC MISC
nextcloud -- desktop_client | Nextcloud Desktop Client before 3.3.1 is vulnerable to improper certificate validation due to lack of SSL certificate verification when using the "Register with a Provider" flow. | 2021-06-11 | not yet calculated | CVE-2021-22895 MISC MISC MISC MISC
nextcloud -- end-to-end_encryption | Nextcloud End-to-End Encryption before 1.5.3, 1.6.3 and 1.7.1 suffers from a denial of service vulnerability due to permitting any authenticated users to lock files of other users. | 2021-06-11 | not yet calculated | CVE-2021-22906 MISC
nextcloud -- ios | Nextcloud iOS before 3.4.2 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only on the local Nextcloud server unless a global search has been explicitly chosen by the user. | 2021-06-11 | not yet calculated | CVE-2021-22912 MISC
nextcloud -- mail | Nextcloud Mail before 1.9.5 suffers from improper access control due to a missing permission check allowing other authenticated users to create mail aliases for other users. | 2021-06-11 | not yet calculated | MISC MISC MISC MISC
nextcloud -- server | Nextcloud server before 19.0.11, 20.0.10, 21.0.2 is vulnerable to brute force attacks due to lack of inclusion of IPv6 subnets in rate-limiting considerations. This could potentially result in an attacker bypassing rate-limit controls such as the Nextcloud brute-force protection. | 2021-06-11 | not yet calculated | CVE-2021-22915 MISC MISC
nginx -- nginx | NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer overflow (or a false modification date far in the future), when encountered by the autoindex module. | 2021-06-06 | not yet calculated | CVE-2017-20005 MISC MISC MISC MISC MLIST
night_owl -- doorbell_fw | Incorrect access control in push notification service in Night Owl Smart Doorbell FW version 20190505 allows remote users to send push notification events via an exposed PNS server. A remote attacker can passively record push notification events which are sent over an insecure web request. The web service does not authenticate requests, and allows attackers to send an indefinite amount of motion or doorbell events to a user's mobile application by either replaying or deliberately crafting false events. | 2021-06-08 | not yet calculated | CVE-2020-28713 MISC MISC
ntpkeygen -- ntpkeygen | ntpkeygen can generate keys that ntpd fails to parse. NTPsec 1.2.0 allows ntpkeygen to generate keys with '#' characters. ntpd then either pads, shortens the key, or fails to load these keys entirely, depending on the key type and the placement of the '#'. This results in the administrator not being able to use the keys as expected or the keys are shorter than expected and easier to brute-force, possibly resulting in MITM attacks between ntp clients and ntp servers. For short AES128 keys, ntpd generates a warning that it is padding them. | 2021-06-08 | not yet calculated | MISC MISC
| In Nuvoton NPCT75x TPM 1.2 firmware 7.4.0.0, a local authenticated malicious user with high privileges could potentially gain unauthorized access to TPM non-volatile memory. NOTE: Upgrading to firmware version 7.4.0.1 will mitigate against the vulnerability, but version 7.4.0.1 is not TCG or Common Criteria (CC) certified. Nuvoton recommends that users apply the NPCT75x TPM 1.2 firmware update. | 2021-06-08 | not yet calculated |
nxp -- mifare_ultralight_and_ntag | On NXP MIFARE Ultralight and NTAG cards, an attacker can interrupt a write operation (aka conduct a "tear off" attack) over RFID to bypass a Monotonic Counter protection mechanism. The impact depends on how the anti tear-off feature is used in specific applications such as public transportation, physical access control, etc. | 2021-06-06 | not yet calculated | MISC MISC MISC
omriinbar -- raspap | Multiple privilege escalation vulnerabilities in RaspAP 1.5 to 2.6.5 could allow an authenticated remote attacker to inject arbitrary commands to /installers/common.sh component that can result in remote command execution with root privileges. | 2021-06-09 | not yet calculated | CVE-2021-33356 MISC MISC MISC MISC
omriinbar -- raspap | A vulnerability exists in RaspAP 2.6 to 2.6.5 in the "iface" GET parameter in /ajax/networking/get_netcfg.php, when the "iface" parameter value contains special characters such as ";" which enables an unauthenticated attacker to execute arbitrary OS commands. | 2021-06-09 | not yet calculated | CVE-2021-33357 MISC MISC
omriinbar -- raspap | Multiple vulnerabilities exist in RaspAP 2.3 to 2.6.5 in the "interface", "ssid" and "wpa_passphrase" POST parameters in /hostapd, when the parameter values contain special characters such as ";" or "$()" which enables an authenticated attacker to execute arbitrary OS commands. | 2021-06-09 | not yet calculated | MISC MISC
opendmarc -- opendmarc | OpenDMARC 1.4.1 and 1.4.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a multi-value From header field. | 2021-06-10 | not yet calculated | CVE-2021-34555 MISC MISC
openpgp -- elgamal | Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. (There is also an interoperability problem because the selection of the k integer value does not properly consider the differences between basic ElGamal encryption and generalized ElGamal encryption.) This, for example, affects use of ElGamal in OpenPGP. | 2021-06-08 | not yet calculated | CVE-2021-33560 MISC MISC MISC MISC
openplc -- scadabr | OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows stored XSS via system_settings.shtm. | 2021-06-11 | not yet calculated | MISC
openplc -- scadabr | OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows remote authenticated users to upload and execute arbitrary JSP files via view_edit.shtm. | 2021-06-11 | not yet calculated | CVE-2021-26828 MISC MISC MISC
| An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary code execution when processing a malicious terraform file. This issue impacts Checkov 2.0 versions earlier than Checkov 2.0.139. Checkov 1.0 versions are not impacted. | 2021-06-10 | not yet calculated |
palo_alto_networks -- cortex_xdr_agent | A local privilege escalation vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated local Windows user to execute programs with SYSTEM privileges. This requires the user to have the privilege to create files in the Windows root directory or to manipulate key registry values. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.11; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.8; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.3; All versions of Cortex XDR agent 7.2 without content update release 171 or a later version. | 2021-06-10 | not yet calculated |
palo_alto_networks -- prisma_cloud_compute_console | An information exposure through log file vulnerability exists in the Palo Alto Networks Prisma Cloud Compute Console where a secret used to authorize the role of the authenticated user is logged to a debug log file. Authenticated Operator role and Auditor role users with access to the debug log files can use this secret to gain Administrator role access for their active session in Prisma Cloud Compute. Prisma Cloud Compute SaaS versions were automatically upgraded to the fixed release. This issue impacts all Prisma Cloud Compute versions earlier than Prisma Cloud Compute 21.04.412. | 2021-06-10 | not yet calculated | CVE-2021-3039 MISC
polaris -- office | Polaris Office v9.103.83.44230 is affected by a Uninitialized Pointer Vulnerability in PolarisOffice.exe and EngineDLL.dll that may cause a Remote Code Execution. To exploit the vulnerability, someone must open a crafted PDF file. | 2021-06-08 | not yet calculated | CVE-2021-34280 MISC
poropro -- kuaifancms | KuaiFanCMS V5.x contains an arbitrary file read vulnerability in the html_url parameter of the chakanhtml.module.php file. | 2021-06-11 | not yet calculated | CVE-2021-3256 MISC
powerlogic -- multiple_products | A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version information) that could allow an attacker administrator level access to a device. | 2021-06-11 | not yet calculated | MISC
powerlogic -- multiple_products | A CWE-287: Improper Authentication vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version information) that could cause loss of connectivity to the device via Modbus TCP protocol when an attacker sends a specially crafted HTTP request. | 2021-06-11 | not yet calculated | CVE-2021-22764 MISC
powerlogic -- multiple_products | ** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet. This CVE ID is unique from CVE-2021-22767. | 2021-06-11 | not yet calculated | CVE-2021-22768 MISC
powerlogic -- multiple_products | ** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code | 2021-06-11 | not yet calculated | CVE-2021-22767 MISC
powerlogic -- multiple_products | ** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet. | 2021-06-11 | not yet calculated | CVE-2021-22765 MISC
powerlogic -- multiple_products | ** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service via a specially crafted HTTP packet. | 2021-06-11 | not yet calculated | CVE-2021-22766 MISC
prtg -- nework_monitor | PRTG Network Monitor 20.1.55.1775 allows /editsettings CSRF for user account creation. | 2021-06-10 | not yet calculated | CVE-2021-34547 MISC
python -- websockets | The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basic_auth_protocol_factory(credentials=...). An attacker may be able to guess a password via a timing attack. | 2021-06-06 | not yet calculated |
qnap -- qnap_nas | If exploited, this vulnerability allows an attacker to access resources which are not otherwise accessible without proper authentication. Roon Labs has already fixed this vulnerability in the following versions: Roon Server 2021-05-18 and later | 2021-06-08 | not yet calculated | CVE-2021-28810 CONFIRM
qnap -- qnap_nas | If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. Roon Labs has already fixed this vulnerability in the following versions: Roon Server 2021-05-18 and later | 2021-06-08 | not yet calculated | CVE-2021-28811 CONFIRM
qnap -- qnap_nas | An improper access control vulnerability has been reported to affect QNAP NAS. If exploited, this vulnerability allows remote attackers to compromise the security of the software. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.4. | 2021-06-11 | not yet calculated | CVE-2021-28814 MISC
qnap -- qnap_switches | Inclusion of sensitive information in the source code has been reported to affect certain QNAP switches running QSS. If exploited, this vulnerability allows attackers to read application data. This issue affects: QNAP Systems Inc. QSS versions prior to 1.0.3 build 20210505 on QSW-M2108-2C; versions prior to 1.0.3 build 20210505 on QSW-M2108-2S; versions prior to 1.0.3 build 20210505 on QSW-M2108R-2C; versions prior to 1.0.12 build 20210506 on QSW-M408. | 2021-06-11 | not yet calculated | CVE-2021-28805 MISC
qnap -- qnap_switches | An out-of-bounds read vulnerability has been reported to affect certain QNAP switches running QSS. If exploited, this vulnerability allows attackers to read sensitive information on the system. This issue affects: QNAP Systems Inc. QSS versions prior to 1.0.2 build 20210122 on QSW-M2108-2C; versions prior to 1.0.2 build 20210122 on QSW-M2108-2S; versions prior to 1.0.2 build 20210122 on QSW-M2108R-2C. | 2021-06-11 | not yet calculated |
qualcomm -- multiple_snapdragon_products | Buffer overflow might occur while parsing unified command due to lack of check of input data received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | 2021-06-09 | not yet calculated | CVE-2020-11235 CONFIRM
qualcomm -- multiple_snapdragon_products | Possible heap overflow while parsing NAL header due to lack of check of length of data received from user in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | 2021-06-09 | not yet calculated | CVE-2020-11182 CONFIRM
qualcomm -- multiple_snapdragon_products | While processing server certificate from IPSec server, certificate validation for subject alternative name API can cause heap overflow which can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile | 2021-06-09 | not yet calculated | CVE-2020-11176 CONFIRM
qualcomm -- multiple_snapdragon_products | Memory corruption due to buffer overflow while copying the message provided by HLOS into buffer without validating the length of buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking | 2021-06-09 | not yet calculated | CVE-2020-11165 CONFIRM
qualcomm -- multiple_snapdragon_products | Stack out-of-bounds write occurs while setting up a cipher device if the provided IV length exceeds the max limit value in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 2021-06-09 | not yet calculated | CVE-2020-11267 CONFIRM
qualcomm -- multiple_snapdragon_products | Possible buffer overflow while updating ikev2 parameters for delete payloads received during informational exchange due to lack of check of input validation for certain parameters received from the ePDG server in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile | 2021-06-09 | not yet calculated | CVE-2020-11291 CONFIRM
qualcomm -- multiple_snapdragon_products | Possible buffer overflow in voice service due to lack of input validation of parameters in QMI Voice API in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2021-06-09 | not yet calculated | CVE-2020-11292 CONFIRM
qualcomm -- multiple_snapdragon_products | While waiting for a response to a callback or listener request, non-secure clients can change permissions to shared memory buffers used by HLOS Invoke Call to secure kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | 2021-06-09 | not yet calculated | CVE-2020-11298 CONFIRM
qualcomm -- multiple_snapdragon_products | Memory corruption due to ioctl command size was incorrectly set to the size of a pointer and not enough storage is allocated for the copy of the user argument in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2021-06-09 | not yet calculated | CVE-2020-11240 CONFIRM
qualcomm -- multiple_snapdragon_products | Possible out of bound read in DRM due to improper buffer length check. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | 2021-06-09 | not yet calculated | CVE-2020-11304 CONFIRM
qualcomm -- multiple_snapdragon_products | Out-of-bounds memory access can occur while calculating alignment requirements for a negative width from external components in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music | 2021-06-09 | not yet calculated | CVE-2020-11161 CONFIRM
qualcomm -- multiple_snapdragon_products | Buffer over-read can happen while processing WPA,RSN IE of beacon and response frames if IE length is less than length of frame pointer being accessed in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | 2021-06-09 | not yet calculated | CVE-2020-11159 CONFIRM
qualcomm -- multiple_snapdragon_products | Possible stack out of bound write might happen due to time bitmap length and bit duration fields of the attributes like NAN ranging setup attribute inside a NAN management frame are not properly validated in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | 2021-06-09 | not yet calculated | CONFIRM
qualcomm -- multiple_snapdragon_products | Possible out of bound read while WLAN frame parsing due to lack of check for body and header length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | 2021-06-09 | not yet calculated | CVE-2020-11126 CONFIRM
qualcomm -- multiple_snapdragon_products | A race between command submission and destroying the context can cause an invalid context being added to the list leads to use after free issue. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2021-06-09 | not yet calculated | CVE-2020-11262 CONFIRM
qualcomm -- multiple_snapdragon_products | Possible integer overflow in RPMB counter due to lack of length check on user provided data in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking | 2021-06-09 | not yet calculated | CVE-2020-11306 CONFIRM
qualcomm -- multiple_snapdragon_products | Reachable assertion is possible while processing peer association WLAN message from host and nonstandard incoming packet in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | 2021-06-09 | not yet calculated | CVE-2021-1937 CONFIRM
qualcomm -- multiple_snapdragon_products | Possible use after free in Display due to race condition while creating an external display in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2021-06-09 | not yet calculated | CVE-2021-1900 CONFIRM
qualcomm -- multiple_snapdragon_products | Possible Buffer over-read in ARP/NS parsing due to lack of check of packet length received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | 2021-06-09 | not yet calculated | CVE-2020-11238 CONFIRM
qualcomm -- multiple_snapdragon_products | Use after free issue when importing a DMA buffer by using the CPU address of the buffer due to attachment is not cleaned up properly in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2021-06-09 | not yet calculated | CVE-2020-11239 CONFIRM
qualcomm -- multiple_snapdragon_products | Trusted APPS to overwrite the CPZ memory of another use-case as TZ only checks the physical address not overlapping with its memory and its RoT memory in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | 2021-06-09 | not yet calculated | CVE-2020-11178 CONFIRM
qualcomm -- multiple_snapdragon_products | An improper free of uninitialized memory can occur in DIAG services in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile | 2021-06-09 | not yet calculated | CVE-2020-11260 CONFIRM
qualcomm -- multiple_snapdragon_products | Memory corruption due to improper check to return error when user application requests memory allocation of a huge size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2021-06-09 | not yet calculated | CVE-2020-11261 CONFIRM
qualcomm -- snapdragon_wired_infrastructure_and_networking | Memory corruption due to lack of validation of pointer arguments passed to Trustzone BSP in Snapdragon Wired Infrastructure and Networking | 2021-06-09 | not yet calculated | CONFIRM
qualcomm -- snapdragon_wired_infrastructure_and_networking | Information disclosure issue due to lack of validation of pointer | | not yet calculated | CVE-2020-11265 CONFIRM
qualcomm -- snapdragon_wired_infrastructure_and_networking | Memory corruption due to lack of check of validation of pointer to buffer passed to trustzone in Snapdragon Wired Infrastructure and Networking | 2021-06-09 | not yet calculated | CVE-2020-11256 CONFIRM
qualcomm -- snapdragon_wired_infrastructure_and_networking | Memory corruption due to lack of validation of pointer arguments passed to TrustZone BSP in Snapdragon Wired Infrastructure and Networking | 2021-06-09 | not yet calculated | CVE-2020-11257 CONFIRM
qualcomm -- snapdragon_wired_infrastructure_and_networking | Memory corruption due to lack of validation of pointer arguments passed to Trustzone BSP in Snapdragon Wired Infrastructure and Networking | 2021-06-09 | not yet calculated | CVE-2020-11258 CONFIRM
qualcomm -- snapdragon_wired_infrastructure_and_networking | Image address is dereferenced before validating its range which can cause potential QSEE information leakage in Snapdragon Wired Infrastructure and Networking | 2021-06-09 | not yet calculated |
rabbitmq -- rabbitmq | RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client connection endpoint. A malicious user can exploit the vulnerability by sending malicious AMQP messages to the target RabbitMQ instance having the AMQP 1.0 plugin enabled. | 2021-06-08 | not yet calculated | CVE-2021-22116 MISC
receita -- federal_irpf | Receita Federal IRPF 2021 1.7 allows a man-in-the-middle attack against the update feature. | 2021-06-12 | not yet calculated | MISC
red_hat -- red_hat | A flaw was found in wildfly. The EJBContext principle is not popped back after invoking another EJB using a different Security Domain. The highest threat from this vulnerability is to data confidentiality and integrity. Versions before wildfly 20.0.0.Final are affected. | 2021-06-07 | not yet calculated | CVE-2020-1719 MISC
red_hat -- red_hat | A flaw was found in the machine-config-operator that causes an OpenShift node to become unresponsive when a container consumes a large amount of memory. An attacker could use this flaw to deny access to schedule new pods in the OpenShift cluster. This was fixed in openshift/machine-config-operator 4.4.3, openshift/machine-config-operator 4.3.25, openshift/machine-config-operator 4.2.36. | 2021-06-07 | not yet calculated | CVE-2020-1750 MISC
red_hat -- red_hat | An improper authorization flaw was discovered in openstack-selinux's applied policy where it does not prevent a non-root user in a container from privilege escalation. A non-root attacker in one or more Red Hat OpenStack (RHOSP) containers could send messages to the dbus. With access to the dbus, the attacker could start or stop services, possibly causing a denial of service. Versions before openstack-selinux 0.8.24 are affected. | 2021-06-07 | not yet calculated | CVE-2020-1690 MISC
reg-viz -- regi-suit | reg-keygen-git-hash-plugin is a reg-suit plugin to detect the snapshot key to be compare with using Git commit hash. reg-keygen-git-hash-plugin through and including 0.10.15 allow remote attackers to execute of arbitrary commands. Upgrade to version 0.10.16 or later to resolve this issue. | 2021-06-08 | not yet calculated |
resteasy -- resteasy | A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final, where it did not properly handle URL encoding when calling @javax.ws.rs.PathParam without any @Produces MediaType. This flaw allows an attacker to launch a reflected XSS attack. The highest threat from this vulnerability is to data confidentiality and integrity. | 2021-06-10 | not yet calculated | CVE-2021-20293 MISC
restund -- restund 


Restund is an open source NAT traversal server. The restund 
TURN server can be instructed to open a relay to the loopback 
address range. This allows you to reach any other service 
running on localhost which you might consider private. In the 
configuration that we ship
(https://github.com/wireapp/ansible-restund/blob/master/templates/restund.conf.j2#L40-L43)
the ‘status’ interface of restund is enabled and is listening on
‘127.0.0.1’. The ‘status’ interface allows users to issue
administrative commands to ‘restund’ like listing open relays or
draining connections. It would be possible for an attacker to
contact the status interface and issue administrative commands
by setting ‘XOR-PEER-ADDRESS’ to
‘127.0.0.1:{{restund_udp_status_port}}’ when opening a TURN channel. We
now explicitly disallow relaying to loopback addresses, ‘any’
addresses, link local addresses, and the broadcast address. As a
workaround disable the ‘status’ module in your restund
configuration. However there might still be other services running
on ‘127.0.0.0/8’ that you do not want to have exposed. The ‘turn’
module can be disabled. Restund will still perform STUN and this 
might already be enough for initiating calls in your environments. 
TURN is only used as a last resort when other NAT traversal 
options do not work. One should also make sure that the TURN 
server is set up with firewall rules so that it cannot relay to other 
addresses that you don't want the TURN server to relay to. For 
example other services in the same VPC where the TURN server 
is running. Ideally TURN servers should be deployed in an 
isolated fashion where they can only reach what they need to 
reach to perform their task of assisting NAT-traversal. 


2021-06-11 


not yet 
calculated 


MISC 
CONFIRM 
MISC 
MISC 
MISC 
MISC 


CVE-2021-21382 
MISC 








ripgrep -- ripgrep 


ripgrep before 13 allows attackers to trigger execution of arbitrary
programs from the current working directory via the
-z/--search-zip or --pre flag.


2021-06-11 


not yet 
calculated 


CVE-2021-3013 
CONFIRM 








ruby_on_rails -- ruby_on_rails 


The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 
suffers from a possible denial of service vulnerability in the Token 
Authentication logic in Action Controller due to a too permissive 
regular expression. Impacted code uses 
‘authenticate_or_request_with_http_token’ or 
‘authenticate_with_http_token’ for request authentication. 


2021-06-11 


not yet 
calculated 


CVE-2021-22904 
MISC 
MISC 








ruby_on_rails -- ruby_on_rails 














The actionpack ruby gem (a framework for handling and 
responding to web requests in Rails) before 6.0.3.7, 6.1.3.2 
suffers from a possible denial of service vulnerability in the Mime 
type parser of Action Dispatch. Carefully crafted Accept headers 
can cause the mime type parser in Action Dispatch to do 
catastrophic backtracking in the regular expression engine. 
2021-06-11








not yet 
calculated 


CVE-2021-22902 
MISC 
MISC 
ruby_on_rails -- ruby_on_rails

The actionpack ruby gem before 6.1.3.2 suffers from a possible
open redirect vulnerability. Specially crafted Host headers in
combination with certain "allowed host" formats can cause the
Host Authorization middleware in Action Pack to redirect users to
a malicious website. This is similar to CVE-2021-22881. Strings
in config.hosts that do not have a leading dot are converted to
regular expressions without proper escaping. This causes, for
example, ‘config.hosts << "sub.example.com"’ to permit a
request with a Host header value of ‘sub-example.com’.

2021-06-11

not yet calculated

CVE-2021-22903
MISC
MISC


samsung -- account

Intent redirection vulnerability in Samsung Account prior to
version 10.8.0.4 in Android P(9.0) and below, and 12.2.0.9 in
Android Q(10.0) and above allows attacker to access contacts
and file provider using SettingWebView component.

2021-06-11

not yet calculated

CVE-2021-25403
MISC


samsung -- bixby_voice

Intent redirection vulnerability in Bixby Voice prior to version
3.1.12 allows attacker to access contacts.

2021-06-11

not yet calculated

CVE-2021-25398
MISC

samsung

Improper access control of a component in CallBGProvider prior
to SMR JUN-2021 Release 1 allows local attackers to access
arbitrary files with an escalated privilege.

2021-06-11

not yet calculated

MISC


samsung -- contacts

Improper sanitization of incoming intent in Samsung Contacts
prior to SMR JUN-2021 Release 1 allows local attackers to get
permissions to access arbitrary data with Samsung Contacts
privilege.

2021-06-11

not yet calculated

CVE-2021-25413
MISC


samsung -- contacts

Improper sanitization of incoming intent in Samsung Contacts
prior to SMR JUN-2021 Release 1 allows local attackers to copy
or overwrite arbitrary files with Samsung Contacts privilege.

2021-06-11

not yet calculated

CVE-2021-25414
MISC

samsung -- galaxy_watch3_plugin

Improper log management vulnerability in Galaxy Watch3 PlugIn
prior to version 2.2.09.21033151 allows attacker with log
permissions to leak Wi-Fi password connected to the user
smartphone within log.

2021-06-11

not yet calculated

CVE-2021-25421
MISC


samsung -- galaxy_watch_plugin

Improper log management vulnerability in Watch Active Plugin
prior to version 2.2.07.21033151 allows attacker with log
permissions to leak Wi-Fi password connected to the user
smartphone within log.

not yet calculated

CVE-2021-25422
MISC


samsung -- galaxy_watch_plugin

Improper log management vulnerability in Galaxy Watch PlugIn
prior to version 2.2.05.21033151 allows attacker with log
permissions to leak Wi-Fi password connected to the user
smartphone within log.

2021-06-11

not yet calculated

CVE-2021-25420
MISC


samsung -- galaxy_watch_plugin

Improper log management vulnerability in Watch Active2 Plugin
prior to 2.2.08.21033151 version allows attacker with log
permissions to leak Wi-Fi password connected to the user
smartphone via log.

2021-06-11

not yet calculated

CVE-2021-25423
MISC

samsung

Information exposure vulnerability in Gear S Plugin prior to
version 2.2.05.20122441 allows untrusted applications to
access connected BT device information.

2021-06-11

not yet calculated

CVE-2021-25406
MISC


samsung -- genericsoservice

An improper access control vulnerability in genericssoservice
prior to SMR JUN-2021 Release 1 allows local attackers to
execute protected activity with system privilege via untrusted
applications.

2021-06-11

not yet calculated

CVE-2021-25412
MISC


samsung

6.17 allows attacker to read internal cache data via exported
component.

2021-06-11

not yet calculated

MISC


samsung -- health

Intent redirection vulnerability in Samsung Health prior to version
6.16 allows attacker to execute privileged action.

2021-06-11

not yet calculated

CVE-2021-25401
MISC

samsung -- internet

Non-compliance of recommended secure coding scheme in
Samsung Internet prior to version 14.0.1.62 allows attackers to
display fake URL in address bar via phishing URL link.

2021-06-11

not yet calculated


samsung -- internet

Improper component protection vulnerability in Samsung Internet
prior to version 14.0.1.62 allows untrusted applications to execute
arbitrary activity in specific condition.

2021-06-11

not yet calculated

MISC


samsung -- internet

Intent redirection vulnerability in Samsung Internet prior to
version 14.0.1.20 allows attacker to execute privileged action.

2021-06-11

not yet calculated

CVE-2021-25400
MISC


samsung -- knoxcore

Improper caller check vulnerability in Knox Core prior to SMR
MAY-2021 Release 1 allows attackers to install arbitrary app.

2021-06-11

not yet calculated

MISC

samsung -- mfc_charger_driver

A race condition in MFC charger driver prior to SMR MAY-2021
Release 1 allows local attackers to bypass signature check given
a radio privilege is compromised.

2021-06-11

not yet calculated

MISC


samsung -- mfc_charger_driver

driver prior to SMR MAY-2021 Release 1 allows arbitrary write
given a radio privilege is compromised.

2021-06-11

not yet calculated

samsung -- notes

An improper access control vulnerability in ScreenOffActivity in
Samsung Notes prior to version 4.2.04.27 allows untrusted
applications to access local files.

2021-06-11

not yet calculated


samsung -- notes

Information Exposure vulnerability in Samsung Notes prior to
version 4.2.04.27 allows attacker to access s pen latency
information.

2021-06-11

not yet calculated

CVE-2021-25402
MISC


samsung

Improper access in Notification setting prior to SMR JUN-2021
Release 1 allows physically proximate attackers to set arbitrary
notification via physically configuring device.

2021-06-11

not yet calculated

samsung -- npu_driver

A possible buffer overflow vulnerability in NPU driver prior to
SMR JUN-2021 Release 1 allows arbitrary memory write and
code execution.

2021-06-11

not yet calculated


samsung -- npu_driver

A possible out of bounds write vulnerability in NPU driver prior to
SMR JUN-2021 Release 1 allows arbitrary memory write.

2021-06-11

not yet calculated

CVE-2021-25407
MISC


samsung -- npu_firmware

An improper input validation vulnerability in NPU firmware prior to
SMR MAY-2021 Release 1 allows arbitrary memory write and
code execution.

2021-06-11

not yet calculated

CVE-2021-25396
MISC


samsung -- phototable

Intent redirection vulnerability in PhotoTable prior to SMR
MAY-2021 Release 1 allows attackers to execute privileged action.

2021-06-11

not yet calculated

MISC

samsung

Improper address validation vulnerability in RKP api prior to SMR
JUN-2021 Release 1 allows root privileged local attackers to
write read-only kernel memory.

2021-06-11

not yet calculated


samsung

Improper running task check in S Secure prior to SMR MAY-2021
Release 1 allows attackers to use locked app without
authentication.

2021-06-11

not yet calculated


samsung

Assuming EL1 is compromised, an improper address validation in
RKP prior to SMR JUN-2021 Release 1 allows local attackers to
remap EL2 memory as writable.

2021-06-11

not yet calculated

CVE-2021-25415
MISC


samsung

Assuming EL1 is compromised, an improper address validation in
RKP prior to SMR JUN-2021 Release 1 allows local attackers to
create executable kernel page outside code area.

2021-06-11

not yet calculated

CVE-2021-25416
MISC


samsung -- Samsung

Improper authorization in SDP SDK prior to SMR JUN-2021
Release 1 allows access to internal storage.

2021-06-11

not yet calculated

CVE-2021-25417
MISC

samsung

Improper sanitization of incoming intent in SecSettings prior to
SMR MAY-2021 Release 1 allows local attackers to get
permissions to access system uid data.

2021-06-11

not yet calculated

CVE-2021-25393
MISC
MISC


samsung

Intent redirection vulnerability in Secure Folder prior to SMR
MAY-2021 Release 1 allows attackers to execute privileged
action.

2021-06-11

not yet calculated

CVE-2021-25391
MISC
MISC


samsung

Improper configuration in Smart Manager prior to version
11.0.05.0 allows attacker to access the file with system privilege.

2021-06-11

not yet calculated

CVE-2021-25399
MISC


samsung -- smartthings

Information Exposure vulnerability in SmartThings prior to version
1.7.64.21 allows attacker to access user information via log.

2021-06-11

not yet calculated

CVE-2021-25404
MISC

samsung

An improper access control vulnerability in TelephonyUI prior to
SMR MAY-2021 Release 1 allows local attackers to write arbitrary
files of telephony process via untrusted applications.

2021-06-11

not yet calculated

CVE-2021-25397
MISC
MISC


samsung

Improper authentication vulnerability in Tizen bluetooth-frwk prior
to Firmware update JUN-2021 Release allows bluetooth attacker
to take over the user's bluetooth device without user awareness.

2021-06-11

not yet calculated

MISC


samsung

Improper protection of backup path configuration in Samsung
Dex prior to SMR MAY-2021 Release 1 allows local attackers to
get sensitive information via changing the path.

2021-06-11

not yet calculated

CVE-2021-25392
MISC
MISC

sap -- business_one

Under certain conditions, the installation of SAP Business One,
version - 10.0, discloses sensitive information on the file system
allowing an attacker to access information which would otherwise
be restricted.

2021-06-09

not yet calculated

CVE-2021-33662
MISC
MISC


sap -- commerce_cloud

When SAP Commerce Cloud version 100, hosts a JavaScript
storefront, it is vulnerable to MIME sniffing, which, in certain
circumstances, could be used to facilitate an XSS attack or
malware proliferation.

2021-06-09

not yet calculated

CVE-2021-33666
MISC
MISC


sap -- enable_now

Under certain conditions SAP Enable Now (SAP Workforce
Performance Builder - Manager), versions - 1.0, 10 allows an
attacker to access information which would otherwise be
restricted leading to information disclosure.

2021-06-09

not yet calculated

CVE-2021-27637
MISC
MISC

sap -- internet_graphics_service


SAP Internet Graphics Service, versions - 
7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated 
attacker after retrieving an existing system state value can submit 
a malicious IGS request over a network which due to insufficient 
input validation in method Ups::AddPart() which will trigger an 
internal memory corruption error in the system causing the 
system to crash and rendering it unavailable. In this attack, no 
data in the system can be viewed or modified. 


2021-06-09 


not yet 
calculated 


CVE-2021-27620 
MISC 
MISC 








sap -- internet_graphics_service 


SAP Internet Graphics Service, versions - 
7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated 
attacker after retrieving an existing system state value can submit 
a malicious IGS request over a network which due to insufficient 
input validation in method 
CDrawRaster::LoadImageFromMemory() which will trigger an
internal memory corruption error in the system causing the 
system to crash and rendering it unavailable. In this attack, no 
data in the system can be viewed or modified. 


2021-06-09 


not yet 
calculated 


CVE-2021-27622 
MISC 
MISC 








sap -- internet_graphics_service 


SAP Internet Graphics Service, versions - 
7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated 
attacker after retrieving an existing system state value can submit 
a malicious IGS request over a network which due to insufficient 
input validation in method CXmlUtility::CheckLength() which will 
trigger an internal memory corruption error in the system causing 
the system to crash and rendering it unavailable. In this attack, 
no data in the system can be viewed or modified. 


2021-06-09 


not yet 
calculated 


CVE-2021-27623 
MISC 
MISC 








sap -- internet_graphics_service 


SAP Internet Graphics Service, versions - 
7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated 
attacker after retrieving an existing system state value can submit 
a malicious IGS request over a network which due to insufficient 
input validation in method CiXMLIStreamRawBuffer::readRaw () 
which will trigger an internal memory corruption error in the
system causing the system to crash and rendering it unavailable. 
In this attack, no data in the system can be viewed or modified. 


2021-06-09 


not yet 
calculated 


CVE-2021-27624 
MISC 
MISC 








sap -- internet_graphics_service 


SAP Internet Graphics Service, versions - 
7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated 
attacker after retrieving an existing system state value can submit 
a malicious IGS request over a network which due to insufficient 
input validation in method IgsData::freeMemory() which will 
trigger an internal memory corruption error in the system causing 
the system to crash and rendering it unavailable. In this attack, 
no data in the system can be viewed or modified. 


2021-06-09 


not yet 
calculated 


CVE-2021-27625 
MISC 
MISC 








sap -- internet_graphics_service 


SAP Internet Graphics Service, versions - 
7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated 
attacker after retrieving an existing system state value can submit 
a malicious IGS request over a network which due to insufficient 
input validation in method CMiniXMLParser::Parse() which will 
trigger an internal memory corruption error in the system causing 
the system to crash and rendering it unavailable. In this attack, 
no data in the system can be viewed or modified. 


2021-06-09 


not yet 
calculated 


CVE-2021-27626 
MISC 
MISC 





sap -- internet_graphics_service 


SAP Internet Graphics Service, versions - 
7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated 
attacker after retrieving an existing system state value can submit 
a malicious IGS request over a network which due to insufficient 
input validation in method ChartInterpreter::DoIt() which will
trigger an internal memory corruption error in the system causing 
the system to crash and rendering it unavailable. In this attack, 
no data in the system can be viewed or modified. 


2021-06-09 


not yet 
calculated 





CVE-2021-27627 
MISC 
MISC 








sap -- manufacturing_execution 


SAP Manufacturing Execution versions - 15.1, 1.5.2, 15.3, 15.4, 
does not contain some HTTP security headers in their HTTP 
response. The lack of these headers in response can be 
exploited by the attacker to execute Cross-Site Scripting (XSS) 
attacks. 


2021-06-09 


not yet 
calculated 


CVE-2021-27615 
MISC 
MISC 








sap -- 
mobile_sdk_certificate_provider 


Under certain conditions, SAP Mobile SDK Certificate Provider 
allows a local unprivileged attacker to exploit an insecure 
temporary file storage. For a successful exploitation user 
interaction from another user is required and could lead to 
complete impact of confidentiality integrity and availability. 


2021-06-09 


not yet 
calculated 


CVE-2021-33669 
MISC 








sap -- netweaver 











SAP NetWeaver AS for ABAP (Web Survey), versions - 700, 702, 
710, 711, 730, 731, 750, 750, 752, 75A, 75F, does not sufficiently 
encode input and output parameters which results in reflected 
cross site scripting vulnerability, through which a malicious user 
can access data relating to the current session and use it to 
impersonate a user and access all information with the same 
rights as the target user. 








2021-06-09 








not yet 
calculated 





CVE-2021-21490 
MISC 
MISC 
sap -- netweaver


SAP NetWeaver AS ABAP and ABAP Platform, versions - 700,
702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755,
contains function module SRM_RFC_SUBMIT_REPORT which
fails to validate authorization of an authenticated user thus
allowing an unauthorized user to execute reports in SAP
NetWeaver ABAP Platform.


2021-06-09 


not yet 
calculated 


CVE-2021-21473 
MISC 
MISC 








sap --
netweaver_abap_server_and_abap


SAP NetWeaver ABAP Server and ABAP Platform (Enqueue
Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC -
7.22,7.22EXT,7.49, KRNL64UC -
8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL -
7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker
without specific knowledge of the system to send a specially
crafted packet over a network which will trigger an internal error
in the system due to improper input validation in method
EncOAMParamStore() causing the system to crash and
rendering it unavailable. In this attack, no data in the system can
be viewed or modified.


2021-06-09 


not yet 
calculated 


CVE-2021-27606 
MISC 
MISC 








sap --
netweaver_abap_server_and_abap


SAP NetWeaver ABAP Server and ABAP Platform (Enqueue
Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC -
7.22,7.22EXT,7.49, KRNL64UC -
8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL -
7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker
without specific knowledge of the system to send a specially
crafted packet over a network which will trigger an internal error
in the system due to improper input validation in method
EncPSetUnsupported() causing the system to crash and
rendering it unavailable. In this attack, no data in the system can
be viewed or modified.


2021-06-09 


not yet 
calculated 


MISC 
MISC 








sap --
netweaver_abap_server_and_abap


SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher),
versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC -
7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC -
8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL -
7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an
unauthenticated attacker without specific knowledge of the
system to send a specially crafted packet over a network which
will trigger an internal error in the system due to improper input
validation in method DpRTmPrepareReq() causing the system to
crash and rendering it unavailable. In this attack, no data in the
system can be viewed or modified.


2021-06-09 


not yet 
calculated 


CVE-2021-27628 
MISC 
MISC 


CVE-2021-27629 








sap --
netweaver_abap_server_and_abap


SAP NetWeaver ABAP Server and ABAP Platform (Enqueue
Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC -
7.22,7.22EXT,7.49, KRNL64UC -
8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL -
7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker
without specific knowledge of the system to send a specially
crafted packet over a network which will trigger an internal error
in the system due to improper input validation in method
EnqConvUniToSrvReq() causing the system to crash and
rendering it unavailable. In this attack, no data in the system can
be viewed or modified.


2021-06-09 


not yet 
calculated 


CVE-2021-27632 
MISC 
MISC 








sap --
netweaver_abap_server_and_abap


SAP NetWeaver ABAP Server and ABAP Platform (Enqueue
Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC -
7.22,7.22EXT,7.49, KRNL64UC -
8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL -
7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker
without specific knowledge of the system to send a specially
crafted packet over a network which will trigger an internal error
in the system due to improper input validation in method
EnqConvUniToSrvReq() causing the system to crash and
rendering it unavailable. In this attack, no data in the system can
be viewed or modified.


2021-06-09 


not yet 
calculated 


CVE-2021-27631 
MISC 
MISC 








sap --
netweaver_abap_server_and_abap


SAP NetWeaver ABAP Server and ABAP Platform (Enqueue
Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC -
7.22,7.22EXT,7.49, KRNL64UC -
8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL -
7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker
without specific knowledge of the system to send a specially
crafted packet over a network which will trigger an internal error
in the system due to improper input validation in method
EnqConvUniToSrvReq() causing the system to crash and
rendering it unavailable. In this attack, no data in the system can
be viewed or modified.











2021-06-09 








not yet 
calculated 


CVE-2021-27630 
MISC 
MISC 
sap --
netweaver_abap_server_and_abap


SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher),
versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC -
7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC -
8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL -
7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an
unauthenticated attacker without specific knowledge of the
system to send a specially crafted packet over a network which
will trigger an internal error in the system due to improper input
validation in method ThSncIn() causing the system to crash and
rendering it unavailable. In this attack, no data in the system can
be viewed or modified.


2021-06-09 


not yet 
calculated 


CVE-2021-27607 
MISC 
MISC 








sap -- 


netweaver_application_server 


Information Disclosure vulnerability in UserAdmin application in 
SAP NetWeaver Application Server for Java, versions - 
7.11,7.20,7.30,7.31,7.40 and 7.50 allows attackers to access 
restricted information by entering malicious server name. 


2021-06-09 


not yet 
calculated 


CVE-2021-27621 
MISC 
MISC 








sap --
netweaver_application_server_abap


SAP NetWeaver AS ABAP, versions - KRNL32NUC -
7.22,7.22EXT, KRNL32UC - 7.22,7.22EXT, KRNL64NUC -
7.22,7.22EXT,7.49, KRNL64UC -
8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL -
7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83,7.84, allows an
unauthorized attacker to insert cleartext commands due to
improper restriction of I/O buffering into encrypted SMTP
sessions over the network which can partially impact the integrity
of the application.


2021-06-09 


not yet 
calculated 


MISC 
MISC 








sap --
netweaver_application_server_abap


SAP NetWeaver Application Server ABAP (Applications based on
Web Dynpro ABAP), versions - SAP_UI - 750,752,753,754,755,
SAP_BASIS - 702, 731 does not sufficiently encode user-
controlled inputs, resulting in Cross-Site Scripting (XSS)
vulnerability.


2021-06-09 


not yet 
calculated 


CVE-2021-33664 
MISC 
MISC 








sap --
netweaver_application_server_abap


SAP NetWeaver Application Server ABAP (Applications based on
SAP GUI for HTML), versions - KRNL64NUC - 7.49, KRNL64UC
- 7.49,7.53, KERNEL - 7.49,7.53,7.77,7.81,7.84, does not
sufficiently encode user-controlled inputs, resulting in Cross-Site
Scripting (XSS) vulnerability.


2021-06-09 


not yet 
calculated 


CVE-2021-33665 
MISC 
MISC 








sap -- netweaver_as 


SAP NetWeaver AS for ABAP (RFC Gateway), versions - 
KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, 
KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 
7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an 
unauthenticated attacker without specific knowledge of the 
system to send a specially crafted packet over a network which 
will trigger an internal error in the system due to improper input 
validation in method ThCPIC() causing the system to crash and 
rendering it unavailable. In this attack, no data in the system can 
be viewed or modified. 


2021-06-09 


not yet 
calculated 


CVE-2021-27633 
MISC 
MISC 


CVE-2021-33663 





sap -- netweaver_as 


SAP NetWeaver AS for ABAP (RFC Gateway), versions - 
KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, 
KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 
7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an 
unauthenticated attacker without specific knowledge of the 
system to send a specially crafted packet over a network which 
will trigger an internal error in the system due to improper input 
validation in method ThCpicDtCreate () causing the system to 
crash and rendering it unavailable. In this attack, no data in the 
system can be viewed or modified. 


2021-06-09 


not yet 
calculated 





CVE-2021-27634 
MISC 
MISC 








sap -- netweaver_as 


SAP NetWeaver AS for ABAP (RFC Gateway), versions - 
KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, 
KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 
7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an 
unauthenticated attacker without specific knowledge of the 
system to send a specially crafted packet over a network which 
will trigger an internal error in the system due to improper input 
validation in method memmove() causing the system to crash 
and rendering it unavailable. In this attack, no data in the system 
can be viewed or modified. 


2021-06-09 


not yet 
calculated 


CVE-2021-27597 
MISC 
MISC 














sap -- netweaver_as 





SAP NetWeaver AS for JAVA, versions - 7.20, 7.30, 7.31, 7.40, 
7.50, allows an attacker authenticated as an administrator to 
connect over a network and submit a specially crafted XML file in 
the application because of missing XML Validation, this 
vulnerability enables attacker to fully compromise confidentiality 
by allowing them to read any file on the filesystem or fully 
compromise availability by causing the system to crash. The 
attack cannot be used to change any data so that there is no 
compromise as to integrity. 
2021-06-09








not yet 
calculated 


CVE-2021-27635 
MISC 
MISC 
Due to improper input sanitization, specially crafted LDAP
queries can be injected by an unauthenticated user. This could
partially impact the confidentiality of the application.

2021-06-09


seceon -- aisiem

Seceon aiSIEM before 6.3.2 (build 585) is prone to an
unauthenticated account takeover vulnerability in the Forgot
Password feature. The lack of correct configuration leads to
recovery of the password reset link generated via the password
reset functionality, and thus an unauthenticated attacker can set
an arbitrary password for any user.

2021-06-08

not yet calculated


A vulnerability exists in gowitness < 2.3.6 that allows an
unauthenticated attacker to perform an arbitrary file read using
the file:// scheme in the url parameter to get an image of any file.

2021-06-09


sge-plc1000 -- sge-plc1000_firmware

SGE-PLC1000 device, in its 0.9.2b firmware version, does not
handle some requests correctly, allowing a remote attacker to
inject code into the operating system with maximum privileges.

2021-06-09


sharp -- nec_displays

Sharp NEC Displays (UN462A R1.300 and prior to it, UN462VA
R1.300 and prior to it, UN492S R1.300 and prior to it, UN492VS
R1.300 and prior to it, UN552A R1.300 and prior to it, UN552S
R1.300 and prior to it, UN552VS R1.300 and prior to it, UN552
R1.300 and prior to it, UN552V R1.300 and prior to it, UX552S
R1.300 and prior to it, UN552 R1.300 and prior to it, V864Q
R2.000 and prior to it, C861Q R2.000 and prior to it, P754Q
R2.000 and prior to it, V754Q R2.000 and prior to it, C751Q
R2.000 and prior to it, V964Q R2.000 and prior to it, C961Q
R2.000 and prior to it, P654Q R2.000 and prior to it, V654Q
R2.000 and prior to it, C651Q R2.000 and prior to it, V554Q
R2.000 and prior to it) allows an attacker a buffer overflow and to
execute remote code by sending long parameters that contains
specific characters in http request.

2021-06-07

not yet calculated


sharp -- nec_displays

Sharp NEC Displays (UN462A R1.300 and prior to it, UN462VA
R1.300 and prior to it, UN492S R1.300 and prior to it, UN492VS
R1.300 and prior to it, UN552A R1.300 and prior to it, UN552S
R1.300 and prior to it, UN552VS R1.300 and prior to it, UN552
R1.300 and prior to it, UN552V R1.300 and prior to it, UX552S
R1.300 and prior to it, UN552 R1.300 and prior to it, V864Q
R2.000 and prior to it, C861Q R2.000 and prior to it, P754Q
R2.000 and prior to it, V754Q R2.000 and prior to it, C751Q
R2.000 and prior to it, V964Q R2.000 and prior to it, C961Q
R2.000 and prior to it, P654Q R2.000 and prior to it, V654Q
R2.000 and prior to it, C651Q R2.000 and prior to it, V554Q
R2.000 and prior to it) allows an attacker to obtain root privileges
and execute remote code by sending unintended parameters that
contain specific characters in http request.

2021-06-07

not yet calculated


A vulnerability has been identified in Mendix SAML Module (All 
versions < V2.1.2). The configuration of the SAML module does 
not properly check various restrictions and validations imposed 2021-06-08 
by an identity provider. This could allow a remote authenticated 
attacker to escalate privileges. 


The jutil.dll library in all versions of Solid Edge SE2020 before 
2020MP 14 and all versions of Solid Edge SE2021 before 
SE2021MP5 lack proper validation of user-supplied data when 
parsing DFT files. This could result in an out-of-bounds write past |) 2021-06-08 
the end of an allocation structure. An attacker could leverage this 
vulnerability to execute code in the context of the current 
process. 


The ugeom2d.dll library in all versions of Solid Edge SE2020 
before 2020MP14 and all versions of Solid Edge SE2021 before 
SE2021MP5 lack proper validation of user-supplied data when 
parsing DFT files. This could result in an out-of-bounds write past || 2021-06-08 
the end of an allocated structure. An attacker could leverage this 
vulnerability to execute code in the context of the current 
process. 


SilverStripe through 4.6.0-rc1 has an XXE Vulnerability in 
CSSContentParser. A developer utility meant for parsing HTML 
within unit tests can be vulnerable to XML External Entity (XXE) 
attacks. When this developer utility is misused for purposes 
involving external or user submitted data in custom project code, |} 2021-06-08 
it can lead to vulnerabilities such as XSS on HTML output 
rendered through this custom code. This is now mitigated by 
disabling external entities during parsing. (The correct CVE ID 
year is 2020 [CVE-2020-25817, not CVE-2021-25817]). 





sap -- scimono not yet 


calculated 











CVE-2021-28293 
MISC 
MISC 








not yet CVE-2021-33359 
calculated || an 


sensepost -- gowitness 








CVE-2021-33841 
CONFIRM 


not yet 
calculated 








CVE-2021-20699 
MISC 








CVE-2021-20698 
MISC 








siemens -- mendix_saml_module CVE-2021-33712 


MISC 


not yet 
calculated 








siemens -- solid_edge CVE-2021-31343 


MISC 


not yet 
calculated 








siemens -- solid_edge CVE-2021-31342 


MISC 


not yet 
calculated 








CVE-2020-25817 
CONFIRM 

MISC 

MISC 

MISC 


silverstripe -- csscontentparser not yet 


calculated 
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CVE-2020-26138 
silverstripe -- formfield In SilverStripe through 4.6.0-rc1, a FormField with square 2021-06-08 not yet aoe 
brackets in the field name skips validation. calculated MISC 
MISC 
silverstripe -- graphql | In SilverStripe through 4.6.0-rc1, GraphQL doesn't honour MFA (multi-factor authentication) when using basic authentication. | 2021-06-08 | not yet calculated | CVE-2020-26136 MISC MISC

| A vulnerability has been identified in SIMATIC RF166C (All versions > V1.1 and < V1.3.2), SIMATIC RF185C (All versions > V1.1 and < V1.3.2), SIMATIC RF186C (All versions > V1.1 and < 1.3.2), SIMATIC RF186CI (All versions > V1.1 and < V1.3.2), SIMATIC RF188C (All versions > V1.1 and < V1.3.2), SIMATIC RF188CI (All versions > V1.1 and < V1.3.2), SIMATIC RF360R (All versions), SIMATIC RF615R (All versions > V3.0), SIMATIC RF680R (All versions > V3.0), SIMATIC RF685R (All versions > V3.0). Affected devices do not properly handle large numbers of incoming connections. An attacker may leverage this to cause a Denial-of-Service situation. | 2021-06-08 | not yet calculated

simcenter -- femap | A vulnerability has been identified in Simcenter Femap 2020.2 (All versions < V2020.2.MP3), Simcenter Femap 2021.1 (All versions < V2021.1.MP3). The femap.exe application lacks proper validation of user-supplied data when parsing FEMAP files. This could result in an out of bounds write past the end of an allocated structure, a different vulnerability than CVE-2021-27399. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12819) | 2021-06-08 | not yet calculated | CVE-2021-27387 MISC

simcenter -- femap | A vulnerability has been identified in Simcenter Femap 2020.2 (All versions < V2020.2.MP3), Simcenter Femap 2021.1 (All versions < V2021.1.MP3). The femap.exe application lacks proper validation of user-supplied data when parsing FEMAP files. This could result in an out of bounds write past the end of an allocated structure, a different vulnerability than CVE-2021-27387. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12820) | 2021-06-08 | not yet calculated | CVE-2021-27399 MISC

smartstream -- transaction_lifecycle_management | SmartStream Transaction Lifecycle Management (TLM) Reconciliation Premium (RP) <3.1.0 allows XSS. This was fixed in TLM RP 3.1.0. | 2021-06-10 | not yet calculated | CVE-2020-24662 MISC MISC

squid -- squid | An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An integer overflow problem allows a remote server to achieve Denial of Service when delivering responses to HTTP Range requests. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent. | 2021-06-08 | not yet calculated | MISC FEDORA FEDORA MLIST

suse -- linux_enterprise_server | An Incorrect Default Permissions vulnerability in the packaging of inn of SUSE Linux Enterprise Server 11-SP3; openSUSE Backports SLE-15-SP2, openSUSE Leap 15.2 allows local attackers to escalate their privileges from the news user to root. This issue affects: SUSE Linux Enterprise Server 11-SP3 inn version inn-2.4.2-170.21.3.1 and prior versions. openSUSE Backports SLE-15-SP2 inn versions prior to 2.6.2. openSUSE Leap 15.2 inn versions prior to 2.6.2. | 2021-06-10 | not yet calculated | CVE-2021-31998 CONFIRM

suse -- opensuse | A UNIX Symbolic Link (Symlink) Following vulnerability in python-postorius of openSUSE Leap 15.2, Factory allows local attackers to escalate from users postorius or postorius-admin to root. This issue affects: openSUSE Leap 15.2 python-postorius version 1.3.2-lp152.1.2 and prior versions. openSUSE Factory python-postorius version 1.3.4-2.1 and prior versions. | 2021-06-10 | not yet calculated | CVE-2021-31997 CONFIRM

tencent -- gameloop | Tencent GameLoop before 4.1.21.90 downloaded updates over an insecure HTTP connection. A malicious attacker in an MITM position could spoof the contents of an XML document describing an update package, replacing a download URL with one pointing to an arbitrary Windows executable. Because the only integrity check would be a comparison of the downloaded file's MD5 checksum to the one contained within the XML document, the downloaded executable would then be executed on the victim's machine. | 2021-06-06 | not yet calculated | CVE-2021-33879 MISC

| The thefuck (aka The Fuck) package before 3.31 for Python allows Path Traversal that leads to arbitrary file deletion via the "undo archive operation" feature. | 2021-06-10 | not yet calculated | MISC MISC

thycotic -- password_reset_server | Thycotic Password Reset Server before 5.3.0 allows credential disclosure. | 2021-06-11 | not yet calculated | MISC

tiangolo -- fastapi | FastAPI is a web framework for building APIs with Python 3.6+ based on standard Python type hints. FastAPI versions lower than 0.65.2 that used cookies for authentication in path operations that received JSON payloads sent by browsers were vulnerable to a Cross-Site Request Forgery (CSRF) attack. In versions lower than 0.65.2, FastAPI would try to read the request payload as JSON even if the content-type header sent was not set to application/json or a compatible JSON media type (e.g. application/geo+json). A request with a content type of text/plain containing JSON data would be accepted and the JSON data would be extracted. Requests with content type text/plain are exempt from CORS preflights, for being considered Simple requests. The browser will execute them right away including cookies, and the text content could be a JSON string that would be parsed and accepted by the FastAPI application. This is fixed in FastAPI 0.65.2. The request data is now parsed as JSON only if the content-type header is application/json or another JSON compatible media type like application/geo+json. It's best to upgrade to the latest FastAPI, but if updating is not possible then a middleware or a dependency that checks the content-type header and aborts the request if it is not application/json or another JSON compatible content type can act as a mitigating workaround. | 2021-06-09 | not yet calculated | CVE-2021-32677 MISC CONFIRM

tigera -- tigera | ** DISPUTED ** BIRD through 2.0.7 does not provide functionality for password authentication of BGP peers. Because of this, products that use BIRD (which may, for example, include Tigera products in some configurations, as well as products of other vendors) may have been susceptible to route redirection for Denial of Service and/or Information Disclosure. NOTE: a researcher has asserted that the behavior is within Tigera’s area of responsibility; however, Tigera disagrees. | 2021-06-04 | not yet calculated | CVE-2021-26928 MISC

tp-link -- tp-link_builds | TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is vulnerable to Cross Site Request Forgery (CSRF). All configuration information is placed in the URL, without any additional token authentication information. A malicious link opened by the switch administrator may cause the password of the switch to be modified and the configuration file to be tampered with. | 2021-06-10 | not yet calculated | CVE-2021-31659 MISC

tp-link -- tp-link_builds | TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is affected by an Array index error. The interface that provides the "device description" function only judges the length of the received data, and does not filter special characters. This vulnerability will cause the application to crash, and all device configuration information will be erased. | 2021-06-10 | not yet calculated | CVE-2021-31658 MISC MISC

ubuntu -- ubuntu | There is a stack-overflow at ecma-regexp-object.c:535 in ecma_regexp_match in JerryScript 2.2.0. | 2021-06-10 | not yet calculated | CVE-2020-23306

ubuntu -- ubuntu | It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-8 package apport hooks, it could expose private data to other local users. | 2021-06-12 | not yet calculated | CVE-2021-32548 MISC

ubuntu -- ubuntu | There is an Assertion 'context.status_flags & PARSER_SCANNING_SUCCESSFUL' failed at js-parser.c:2185 in parser_parse_source in JerryScript 2.2.0. | 2021-06-10 | not yet calculated | CVE-2020-23312 CONFIRM

ubuntu -- ubuntu | There is a heap-buffer-overflow at re-parser.c in re_parse_char_escape in JerryScript 2.2.0. | 2021-06-10 | not yet calculated | CVE-2020-23323

ubuntu -- ubuntu | It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-lts package apport hooks, it could expose private data to other local users. | 2021-06-12 | not yet calculated | CVE-2021-32547 MISC

ubuntu -- ubuntu | There is an Assertion in 'context_p->next_scanner_info_p->type == SCANNER_TYPE_FUNCTION' in parser_parse_function_arguments in JerryScript 2.2.0. | 2021-06-10 | not yet calculated | CVE-2020-25520 CONFIRM

ubuntu -- ubuntu | Prototype pollution vulnerability in 'set-getter' version 0.1.0 allows an attacker to cause a denial of service and may lead to remote code execution. | 2021-06-10 | not yet calculated | CVE-2021-25949 MISC MISC

ubuntu -- ubuntu | Prototype pollution vulnerability in 'expand-hash' versions 0.1.0 through 1.0.1 allows an attacker to cause a denial of service and may lead to remote code execution. | 2021-06-10 | not yet calculated | CVE-2021-25948 MISC MISC

ubuntu -- ubuntu | It was discovered that apport in data/apport did not properly open a report file to prevent hanging reads on a FIFO. | 2021-06-11 | not yet calculated | CVE-2021-25684 MISC

ubuntu -- ubuntu | There is a heap-buffer-overflow at lit-strings.c:431 in lit_read_code_unit_from_utf8 in JerryScript 2.2.0. | 2021-06-10 | not yet calculated | CVE-2020-23321 CONFIRM

ubuntu -- ubuntu | There is an Assertion in '(flags >> CBC_STACK_ADJUST_SHIFT) >= CBC_STACK_ADJUST_BASE || (CBC_STACK_ADJUST_BASE - (flags >> CBC_STACK_ADJUST_SHIFT)) <= context_p->stack_depth' in parser_emit_cbc_backward_branch in JerryScript 2.2.0. | 2021-06-10 | not yet calculated | CVE-2020-23319 CONFIRM

ubuntu -- ubuntu | There is an Assertion in 'context_p->token.type == LEXER_RIGHT_BRACE || context_p->token.type == LEXER_ASSIGN || context_p->token.type == LEXER_COMMA' in parser_parse_object_initializer in JerryScript 2.2.0. | 2021-06-10 | not yet calculated | CVE-2020-23322 CONFIRM

ubuntu -- ubuntu | There is an Assertion 'block_found' failed at js-parser- ... parser_parse_try_statement_end in JerryScript | 2021-06-10 | not yet calculated | CVE-2020-23314 CONFIRM

ubuntu -- ubuntu | There is an Assertion 'context_p->next_scanner_info_p->type == SCANNER_TYPE_FUNCTION' failed at js-parser-statm.c:733 in parser_parse_function_statement in JerryScript 2.2.0. | 2021-06-10 | not yet calculated | CVE-2020-23310 CONFIRM

ubuntu -- ubuntu | There is an Assertion 'scope_stack_p > context_p->scope_stack_p' failed at js-scanner-util.c:2510 in scanner_literal_is_created in JerryScript 2.2.0 | 2021-06-10 | not yet calculated

ubuntu -- ubuntu | There is an Assertion 'context_p->stack_depth == context_p->context_stack_depth' failed at js-parser-statm.c:2756 in parser_parse_statements in JerryScript 2.2.0. | 2021-06-10 | not yet calculated | CVE-2020-25509 CONFIRM

ubuntu -- ubuntu | There is an Assertion 'context_p->stack_top_uint8 == LEXER_EXPRESSION_START' at js-parser-expr.c:3565 in parser_parse_expression in JerryScript 2.2.0. | 2021-06-10 | not yet calculated | CVE-2020-25508 CONFIRM

ubuntu -- ubuntu | There is an Assertion 'context_p->token.type == LEXER_RIGHT_BRACE || context_p->token.type == LEXER_ASSIGN || context_p->token.type == LEXER_COMMA' failed at js-parser-expr.c:3230 in parser_parse_object_initializer in JerryScript 2.2.0. | 2021-06-10 | not yet calculated | CVE-2020-23311 CONFIRM

ubuntu -- ubuntu | It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-17 package apport hooks, it could expose private data to other local users. | 2021-06-12 | not yet calculated | CVE-2021-32553 MISC

ubuntu -- ubuntu | It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-16 package apport hooks, it could expose private data to other local users. | 2021-06-12 | not yet calculated | CVE-2021-32552 MISC

ubuntu -- ubuntu | It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-15 package apport hooks, it could expose private data to other local users. | 2021-06-12 | not yet calculated | CVE-2021-32551 MISC

ubuntu -- ubuntu | It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-14 package apport hooks, it could expose private data to other local users. | 2021-06-12 | not yet calculated | CVE-2021-32550 MISC

ubuntu -- ubuntu | It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg package apport hooks, it could expose private data to other local users. | 2021-06-12 | not yet calculated | CVE-2021-32554 MISC

ubuntu -- ubuntu | It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg-hwe-18.04 package apport hooks, it could expose private data to other local users. | 2021-06-12 | not yet calculated | CVE-2021-32555 MISC

ubuntu -- ubuntu | It was discovered that the get_modified_conffiles() function in backends/packaging-apt-dpkg.py allowed injecting modified package names in a manner that would confuse the dpkg(1) call. | 2021-06-12 | not yet calculated | MISC

ubuntu -- ubuntu | It was discovered that the process_report() function in data/whoopsie-upload-all allowed arbitrary file writes via symlinks. | 2021-06-12 | not yet calculated | GVE-2021-5255/ MISC

ubuntu -- ubuntu | It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-13 package apport hooks, it could expose private data to other local users. | 2021-06-12 | not yet calculated | CVE-2021-32549 MISC

ubuntu -- ubuntu | It was discovered that the get_pid_info() function in data/apport did not properly parse the /proc/pid/status file from the kernel. | 2021-06-11 | not yet calculated | CVE-2021-25682 MISC

ubuntu -- ubuntu | It was discovered that the get_starttime() function in data/apport did not properly parse the /proc/pid/stat file from the kernel. | 2021-06-11 | not yet calculated | CVE-2021-25683 MISC

ubuntu -- ubuntu | There is a heap-use-after-free at ecma-helpers-string.c:772 in ecma_ref_ecma_string in JerryScript 2.2.0 | 2021-06-10 | not yet calculated | CONFIRM

ubuntu -- ubuntu | There is a heap-buffer-overflow at jmem-poolman.c:165 in jmem_pools_collect_empty in JerryScript 2.2.0. | 2021-06-10 | not yet calculated | CVE-2020-23303 CONFIRM

unix -- symbolic_link | A UNIX Symbolic Link (Symlink) Following vulnerability in python-Hyperkitty of openSUSE Leap 15.2, Factory allows local attackers to escalate privileges from the user hyperkitty or hyperkitty-admin to root. This issue affects: openSUSE Leap 15.2 python-Hyperkitty version 1.3.2-lp152.2.3.1 and prior versions. openSUSE Factory python-Hyperkitty versions prior to 1.3.4-5.1. | 2021-06-10 | not yet calculated | CVE-2021-25322 CONFIRM

vembu -- bdr_suite | Vembu BDR Suite before 4.2.0 allows Unauthenticated Remote Code Execution by placing a command in a GET request (issue 2 of 2). | 2021-06-08 | not yet calculated | CVE-2021-26472 MISC MISC MISC

vembu -- bdr_suite | Vembu BDR Suite before 4.2.0 allows Unauthenticated Remote Code Execution by placing a command in a GET request (issue 1 of 2). | 2021-06-08 | not yet calculated | CVE-2021-26471 MISC MISC

vembu -- bdr_suite | Vembu BDR Suite before 4.2.0 allows Unauthenticated file write via a GET request that specifies a file's name and content. | 2021-06-08 | not yet calculated

vembu -- bdr_suite | Vembu BDR Suite before 4.2.0 allows Unauthenticated SSRF via a GET request that specifies a hostname and port number. | 2021-06-08 | not yet calculated | CVE-2021-26474 MISC MISC MISC MISC MISC

vernemq_mqtt_broker -- vernemq_mqtt_broker | VerneMQ MQTT Broker versions prior to 1.12.0 are vulnerable to a denial of service attack as a result of excessive memory consumption due to the handling of untrusted inputs. These inputs cause the message broker to consume large amounts of memory, resulting in the application being terminated by the operating system. | 2021-06-08 | not yet calculated | CVE-2021-33176 MISC

welch_allyn -- multiple_devices | The affected product is vulnerable to an out-of-bounds read, which can cause information leakage leading to arbitrary code execution if chained to the out-of-bounds write vulnerability on the Welch Allyn medical device management tools (Welch Allyn Service Tool: versions prior to v1.10, Welch Allyn Connex Device Integration Suite — Network Connectivity Engine (NCE): versions prior to v5.3, Welch Allyn Software Development Kit (SDK): versions prior to v3.2, Welch Allyn Connex Central Station (CS): versions prior to v1.8.6, Welch Allyn Service Monitor: versions prior to v1.7.0.0, Welch Allyn Connex Vital Signs Monitor (CVSM): versions prior to v2.43.02, Welch Allyn Connex Integrated Wall System (CIWS): versions prior to v2.43.02, Welch Allyn Connex Spot Monitor (CSM): versions prior to v1.52, Welch Allyn Spot Vital Signs 4400 Device (Spot 4400) / Welch Allyn Spot 4400 Vital Signs Extended Care Device: versions prior to v1.11.00). | 2021-06-11 | not yet calculated | CVE-2021-27408 MISC

welch_allyn -- multiple_products | The affected product is vulnerable to an out-of-bounds write, which may result in corruption of data or code execution on the Welch Allyn medical device management tools (Welch Allyn Service Tool: versions prior to v1.10, Welch Allyn Connex Device Integration Suite — Network Connectivity Engine (NCE): versions prior to v5.3, Welch Allyn Software Development Kit (SDK): versions prior to v3.2, Welch Allyn Connex Central Station (CS): versions prior to v1.8.6, Welch Allyn Service Monitor: versions prior to v1.7.0.0, Welch Allyn Connex Vital Signs Monitor (CVSM): versions prior to v2.43.02, Welch Allyn Connex Integrated Wall System (CIWS): versions prior to v2.43.02, Welch Allyn Connex Spot Monitor (CSM): versions prior to v1.52, Welch Allyn Spot Vital Signs 4400 Device (Spot 4400) / Welch Allyn Spot 4400 Vital Signs Extended Care Device: versions prior to v1.11.00). | 2021-06-11 | not yet calculated

werkzeug -- werkzeug | This affects the package Flask-Unchained before 0.9.0. When using the _validate_redirect_url function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\evil.com/path. This vulnerability is only exploitable if an alternative WSGI server other than Werkzeug is used, or the default behaviour of Werkzeug is modified using 'autocorrect_location_header=False'. | 2021-06-11 | not yet calculated | CVE-2021-23393 MISC MISC

western_digital -- edgerover | Western Digital EdgeRover before 0.25 has an escalation of privileges vulnerability where a low privileged user could load malicious content into directories with higher privileges, because of how Node.js is used. An attacker can gain admin privileges and carry out malicious activities such as creating a fake library and stealing user credentials. | 2021-06-11 | not yet calculated | CVE-2021-33205 CONFIRM

whatsapp -- business | A lack of filename validation when unzipping archives prior to WhatsApp for Android v2.21.8.13 and WhatsApp Business for Android v2.21.8.13 could have allowed path traversal attacks that overwrite WhatsApp files. | 2021-06-11 | not yet calculated | CVE-2021-24035 CONFIRM

windows -- mshtml_platform | Windows MSHTML Platform Remote Code Execution Vulnerability | 2021-06-08 | not yet calculated | CVE-2021-33742 MISC

wordpress -- wordpress | The FlightLog WordPress plugin through 3.0.2 does not sanitise, validate or escape various POST parameters before using them in a SQL statement, leading to SQL injections exploitable by editor and administrator users. | 2021-06-07 | not yet calculated | CVE-2021-24336 MISC CONFIRM

wordpress -- wordpress | The Easy Preloader WordPress plugin through 1.0.0 does not sanitise its setting fields, leading to authenticated (admin+) Stored Cross-Site scripting issues | 2021-06-07 | not yet calculated | CVE-2021-26544 CONFIRM

wordpress -- wordpress | The WP Statistics WordPress plugin before 13.0.8 relied on using the WordPress esc_sql() function on a field not delimited by quotes and did not first prepare the query. Additionally, the page, which should have been accessible to administrator only, was also available to any visitor, including unauthenticated ones. | 2021-06-07 | not yet calculated | CVE-2021-24340 CONFIRM MISC

wordpress -- wordpress | The id GET parameter of one of the Video Embed WordPress plugin through 1.0's page (available via forced browsing) is not sanitised, validated or escaped before being used in a SQL statement, allowing low privilege users, such as subscribers, to perform SQL injection. | 2021-06-07 | not yet calculated | CVE-2021-24337 MISC CONFIRM

wowonder -- wowonder | In WoWonder 3.0.4, remote attackers can take over any account due to the weak cryptographic algorithm in recover.php. The code parameter is easily predicted from the time of day. | 2021-06-11 | not yet calculated | MISC MISC MISC

wp-cli -- wp-cli | WP-CLI is the command-line interface for WordPress. An improper error handling in HTTPS requests management in WP-CLI version 0.12.0 and later allows remote attackers able to intercept the communication to remotely disable the certificate verification on WP-CLI side, gaining full control over the communication content, including the ability to impersonate update servers and push malicious updates towards WordPress instances controlled by the vulnerable WP-CLI agent, or push malicious updates toward WP-CLI itself. The vulnerability stems from the fact that the default behavior of `WP_CLI\Utils\http_request()` when encountering a TLS handshake error is to disable certificate validation and retry the same request. The default behavior has been changed with version 2.5.0 of WP-CLI and the `wp-cli/wp-cli` framework (via https://github.com/wp-cli/wp-cli/pull/5523) so that the `WP_CLI\Utils\http_request()` method accepts an `$insecure` option that is `false` by default and consequently that a TLS handshake failure is a hard error by default. This new default is a breaking change and ripples through to all consumers of `WP_CLI\Utils\http_request()`, including those in separate WP-CLI bundled or third-party packages. https://github.com/wp-cli/wp-cli/pull/5523 has also added an `--insecure` flag to the `cli update` command to counter this breaking change. There is no direct workaround for the default insecure behavior of `wp-cli/wp-cli` versions before 2.5.0. The workaround for dealing with the breaking change in the commands directly affected by the new secure default behavior is to add the `--insecure` flag to manually opt-in to the previous insecure behavior. | 2021-06-07 | not yet calculated | CVE-2021-29504 MISC MISC MISC MISC MISC MISC CONFIRM

xen -- xen | HVM soft-reset crashes toolstack libxl requires all data structures passed across its public interface to be initialized before use and disposed of afterwards by calling a specific set of functions. Many internal data structures also require this initialize / dispose discipline, but not all of them. When the "soft reset" feature was implemented, the libxl__domain_suspend_state structure didn't require any initialization or disposal. At some point later, an initialization function was introduced for the structure; but the "soft reset" path wasn't refactored to call the initialization function. When a guest now initiates a "soft reboot", uninitialized data structure leads to an assert() when later code finds the structure in an unexpected state. The effect of this is to crash the process monitoring the guest. How this affects the system depends on the structure of the toolstack. For xl, this will have no security-relevant effect: every VM has its own independent monitoring process, which contains no state. The domain in question will hang in a crashed state, but can be destroyed by `xl destroy` just like any other non-cooperating domain. For daemon-based toolstacks linked against libxl, such as libvirt, this will crash the toolstack, losing the state of any in-progress operations (localized DoS), and preventing further administrator operations unless the daemon is configured to restart automatically (system-wide DoS). If crashes "leak" resources, then repeated crashes could use up resources, also causing a system-wide DoS. | 2021-06-11 | not yet calculated | CVE-2021-28687 MISC

xen -- xen | x86: Speculative vulnerabilities with bare (non-shim) 32-bit PV guests 32-bit x86 PV guest kernels run in ring 1. At the time when Xen was developed, this area of the i386 architecture was rarely used, which is why Xen was able to use it to implement paravirtualisation, Xen's novel approach to virtualization. In AMD64, Xen had to use a different implementation approach, so Xen does not use ring 1 to support 64-bit guests. With the focus now being on 64-bit systems, and the availability of explicit hardware support for virtualization, fixing speculation issues in ring 1 is not a priority for processor companies. Indirect Branch Restricted Speculation (IBRS) is an architectural x86 extension put together to combat speculative execution sidechannel attacks, including Spectre v2. It was retrofitted in microcode to existing CPUs. For more details on Spectre v2, see: http://xenbits.xen.org/xsa/advisory-254.html However, IBRS does not architecturally protect ring 0 from predictions learnt in ring 1. For more details, see: https://software.intel.com/security-software-guidance/deep-dives/deep-dive-indirect-branch-restricted-speculation Similar situations may exist with other mitigations for other kinds of speculative execution attacks. The situation is quite likely to be similar for speculative execution attacks which have yet to be discovered, disclosed, or mitigated. | 2021-06-11 | not yet calculated | CVE-2021-28689 MISC

xscreensaver -- xscreensaver | XScreenSaver 5.45 can be bypassed if the machine has more than ten disconnectable video outputs. A buffer overflow in update_screen_layout() allows an attacker to bypass the standard screen lock authentication mechanism by crashing XScreenSaver. The attacker must physically disconnect many video outputs. | 2021-06-10 | not yet calculated | CVE-2021-34557 MISC MISC MISC MISC MLIST

z-blogphp -- z-blogphp | Open Redirect in Z-BlogPHP v1.5.2 and earlier allows remote attackers to obtain sensitive information via the "redirect" parameter in the component "zb_system/cmd.php." | 2021-06-07 | not yet calculated | CVE-2020-18268 MISC MISC

zoho_manageengine -- key_manager_plus | Zoho ManageEngine Key Manager Plus before 6001 allows Stored XSS on the user-management page while importing malicious user details from AD. | 2021-06-07 | not yet calculated | CVE-2021-28382 MISC MISC

zope_foundation -- zope | Zope is an open-source web application server. This advisory extends the previous advisory at https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36 with additional cases of TAL expression traversal vulnerabilities. Most Python modules are not available for using in TAL expressions that you can add through-the-web, for example in Zope Page Templates. This restriction avoids file system access, for example via the 'os' module. But some of the untrusted modules are available indirectly through Python modules that are available for direct use. By default, you need to have the Manager role to add or edit Zope Page Templates through the web. Only sites that allow untrusted users to add/edit Zope Page Templates through the web are at risk. The problem has been fixed in Zope 5.21 and 4.6.1. The workaround is the same as for https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36: A site administrator can restrict adding/editing Zope Page Templates through the web using the standard Zope user/role permission mechanisms. Untrusted users should not be assigned the Zope Manager role and adding/editing Zope Page Templates through the web should be restricted to trusted users only. | 2021-06-08 | not yet calculated

zte -- zte | A ZTE product has an information leak vulnerability. Due to improper permission settings, an attacker with ordinary user permissions could exploit this vulnerability to obtain some sensitive user information through the wizard page without authentication. This affects ZXHN H168N all versions up to 3.5.0 EG1T4_TE. | 2021-06-10 | not yet calculated | CVE-2021-21735 MISC

zte -- zte | A smart camera product of ZTE is impacted by a permission and access control vulnerability. Due to the defect of user permission management by the cloud-end app, users whose sharing permissions have been revoked can still control the camera, such as restarting the camera, restoring factory settings, etc.. This affects ZXHN HS562 V1.0.0.0B2.0000, V1.0.0.0B3.0000E | 2021-06-10 | not yet calculated | CVE-2021-21736 MISC